Details
Malware Family HawkEye
Date Added June 30, 2016, 12:48 p.m.
MD5 314db3d02e6192d758b6d881a076bb87
Sha256 4b3fb1cc0c9fb34b06fda489890d2bf8f3e0eb29629a9a82d4a1d8b0c6716ac5
Config Sections
Config String 32 stealers
Config String 33 Disablemelt
Config String 30 DisableTaskManager
Crypted String 6 smtp.gmail.com
Crypted String 4 twofuke@gmail.com
Crypted String 5 fuke12345
Crypted String 0
Config String 18 dontclearie
Config String 19 dontclearff
Config String 38 Disablesteam
Config String 39 \Windows Update.exe
Config String 36 Disablemsconfig
Config String 37 Disablespreaders
Config String 34 Disablereg
Config String 35 Disablecmd
Config String 14 yesemail
Config String 15 noftp
Config String 16 nophp
Config String 17 0
Crypted String 10 ftp.yourhost.com
Crypted String 11 YourUsername
Crypted String 12 YourPassword
Crypted String 13 http://www.site.com/logs.php
Config String 7 587
Config String 2 WinForms_RecursiveFormCreate
Config String 3 WinForms_SeeInnerException
Config String 1 Property can only be set to Nothing
Config String 31 logger
Config String 8 300000
Config String 9 Erro de instalação de atualização do .NET Framework: "0x80070643 é exibida" ou "0x643"
Config String 21 downloadfiles
Config String 20 bindfiles
Config String 23 websiteblocker
Config String 22 websitevisitor
Config String 25 DisableSSL
Config String 24 Disablenotify
Config String 27 startup
Config String 26 fakeerror
Config String 29 clip
Config String 28 screeny
VirusTotal

41 out of 53 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
http://www.site.com/logs.php 0
Geo Location
Yara Rules