HawkEye Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog
Tags
cmtmf-attack-pattern: Application Layer Protocol Masquerading Obfuscated Files Or Information Process Injection Scheduled Task/Job
maec-delivery-vectors: Watering Hole
attack-pattern: Data Software Discovery - T1418 Application Layer Protocol - T1437 Archive Collected Data - T1560 Archive Collected Data - T1532 Clipboard Data - T1414 Credentials - T1589.001 Credentials From Password Stores - T1555 Data From Local System - T1533 Domains - T1583.001 Domains - T1584.001 Hidden Files And Directories - T1564.001 Impair Defenses - T1562 Impair Defenses - T1629 Ingress Tool Transfer - T1544 Keylogging - T1056.001 Keylogging - T1417.001 Local Data Staging - T1074.001 System Network Configuration Discovery - T1422 Malicious File - T1204.002 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Obfuscated Files Or Information - T1406 System Information Discovery - T1426 Non-Standard Port - T1509 Non-Standard Port - T1571 Phishing - T1660 Phishing - T1566 Process Hollowing - T1055.012 Process Injection - T1631 Registry Run Keys / Startup Folder - T1547.001 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Screen Capture - T1513 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Software - T1592.002 Software Discovery - T1518 Spearphishing Attachment - T1566.001 Virtualization/Sandbox Evasion - T1497 Unsecured Credentials - T1552 Tool - T1588.002 Virtualization/Sandbox Evasion - T1633 Account Discovery - T1087 Standard Application Layer Protocol - T1071 Clipboard Data - T1115 Data From Local System - T1005 Deobfuscate/Decode Files Or Information - T1140 Email Collection - T1114 Hidden Files And Directories - T1158 Remote File Copy - T1105 Masquerading - T1036 Modify Registry - T1112 Obfuscated Files Or Information - T1027 Process Hollowing - T1093 Process Injection - T1055 Query Registry - T1012 Registry Run Keys / Start Folder - T1060 Scheduled Task - T1053 Screen Capture - T1113 Security Software Discovery - T1063 Third-Party Software - T1072 System Information Discovery - T1082 System Network Configuration Discovery - T1016 System Owner/User Discovery - T1033 User Execution - T1204 Masquerading Screen Capture User Execution
Common Information
Type Value
UUID 65025c39-7a27-45ae-9b96-294e9b2ea4ec
Fingerprint 352c0805a1b50395
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 13, 2024, 10:54 a.m.
Added to db Nov. 13, 2024, 12:24 p.m.
Last updated Dec. 11, 2024, 9:09 a.m.
Headline HawkEye Malware: Technical Analysis
Title HawkEye Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog
Detected Hints/Tags/Attributes 134/3/55
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 14 ANY.RUN's Cybersecurity Blog https://any.run/cybersecurity-blog/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1064
any.run
Details File 252
schtasks.exe
Details File 71
vbc.exe
Details File 4
holdermail.txt
Details File 30
index.dat
Details File 32
profiles.ini
Details md5 4
60fabd1a2509b59831876d5e2aa71a6b
Details md5 3
defc51f31f6c4fa89cc6a39a62d8a08f
Details md5 3
dea59d578e0e64728780fb67dde7d96d
Details md5 3
040058f70ffdee6398f7b64ae1ea46d3
Details md5 3
e651dca5c850451cdba7f25cbb4134e7
Details md5 3
de823ba5d67de8682e6d7b8b472dbbcb
Details md5 3
25a2d98dfcf6a12ea6459882c56aa2e0
Details md5 3
179b219afa2ac15b14affd399273148b
Details md5 3
38a3cb547a0a19a61534792f572f08b0
Details md5 3
addcd85e0126e63e46da09eb8ea97120
Details md5 3
0a2f6501a36c1b13532139e3c1843109
Details md5 3
06916c9505da82f63a73768c6f336192
Details md5 3
ab264deb2563dc4df8b281b18e0861ba
Details IPv4 3
66.147.236.46
Details IPv4 3
204.141.42.56
Details IPv4 3
129.204.194.84
Details MITRE ATT&CK Techniques 357
T1036
Details MITRE ATT&CK Techniques 485
T1053
Details MITRE ATT&CK Techniques 397
T1547.001
Details MITRE ATT&CK Techniques 88
T1055.012
Details MITRE ATT&CK Techniques 51
T1074.001
Details MITRE ATT&CK Techniques 225
T1113
Details MITRE ATT&CK Techniques 174
T1555
Details MITRE ATT&CK Techniques 324
T1566.001
Details MITRE ATT&CK Techniques 425
T1204
Details MITRE ATT&CK Techniques 558
T1112
Details MITRE ATT&CK Techniques 98
T1564.001
Details MITRE ATT&CK Techniques 456
T1055
Details MITRE ATT&CK Techniques 239
T1562
Details MITRE ATT&CK Techniques 643
T1027
Details MITRE ATT&CK Techniques 510
T1140
Details MITRE ATT&CK Techniques 244
T1497
Details MITRE ATT&CK Techniques 113
T1552
Details MITRE ATT&CK Techniques 181
T1087
Details MITRE ATT&CK Techniques 145
T1518.001
Details MITRE ATT&CK Techniques 232
T1033
Details MITRE ATT&CK Techniques 506
T1012
Details MITRE ATT&CK Techniques 249
T1016
Details MITRE ATT&CK Techniques 188
T1518
Details MITRE ATT&CK Techniques 1022
T1082
Details MITRE ATT&CK Techniques 542
T1005
Details MITRE ATT&CK Techniques 159
T1560
Details MITRE ATT&CK Techniques 90
T1114
Details MITRE ATT&CK Techniques 86
T1115
Details MITRE ATT&CK Techniques 504
T1105
Details MITRE ATT&CK Techniques 466
T1071
Details MITRE ATT&CK Techniques 116
T1571
Details MITRE ATT&CK Techniques 22
T1583.008
Details Windows Registry Key 48
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run