Details
Malware Family HawkEye
Date Added Nov. 2, 2015, 10:56 a.m.
MD5 0b99e531660ca4aa1a51fdc67f40f30c
Sha256 1ad5718cf333e7619fd5c0cfbe3e96c0814f5f8a9b1615432f19f7d40587cdc7
Config Sections
Config String 32 melt
Config String 33 Disablereg
Config String 30 logger
Crypted String 6 smtp.gmail.com
Crypted String 4 pieczara357@gmail.com
Crypted String 5 pieczara357
Crypted String 0
Config String 18 dontclearff
Config String 19 bindfiles
Config String 38 \Windows Update.exe
Config String 36 Disablespreaders
Config String 37 Disablesteam
Config String 34 Disablecmd
Config String 35 Disablemsconfig
Config String 14 noemail
Config String 15 yesftp
Config String 16 nophp
Config String 17 dontclearie
Crypted String 10 ls2009.xlx.pl
Crypted String 11 ls2009@xlx.pl
Crypted String 12 kikusia12
Crypted String 13 http://www.site.com/logs.php
Config String 7 0
Config String 2 WinForms_RecursiveFormCreate
Config String 3 WinForms_SeeInnerException
Config String 1 Property can only be set to Nothing
Config String 31 stealers
Crypted String 39
Config String 8 300000
Config String 9 Nieprawidlowe rozszerzenie .jpeg
Config String 21 websitevisitor
Config String 20 downloadfiles
Config String 23 notify
Config String 22 websiteblocker
Config String 25 fakeerror
Config String 24 DisableSSL
Config String 27 screeny
Config String 26 startup
Config String 29 DisableTaskManager
Config String 28 clip
VirusTotal

37 out of 55 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
http://www.site.com/logs.php 0