Details
Malware Family HawkEye
Date Added April 24, 2016, 6:49 a.m.
MD5 c6e27ced051a27398349ba0d2433665b
Sha256 342ca3584970d669fe5401e0ace15ac92fa35a514aa47ce9432110d11c699b04
Config Sections
Config String 32 Disablemelt
Config String 33 Disablereg
Config String 30 Disablelogger
Crypted String 6 smtp.gmail.com
Crypted String 4 youremail@gmail.com
Crypted String 5 YourPassword
Crypted String 0
Config String 18 dontclearff
Config String 19 bindfiles
Config String 38 \Windows Update.exe
Config String 36 Disablespreaders
Config String 37 Disablesteam
Config String 34 Disablecmd
Config String 35 Disablemsconfig
Config String 14 noemail
Config String 15 yesftp
Config String 16 nophp
Config String 17 dontclearie
Crypted String 10 x32454hz.bget.ru
Crypted String 11 x32454hz_pandemia
Crypted String 12 netpav666
Crypted String 13 http://www.site.com/logs.php
Config String 7 0
Config String 2 WinForms_RecursiveFormCreate
Config String 3 WinForms_SeeInnerException
Config String 1 Property can only be set to Nothing
Config String 31 stealers
Crypted String 39
Config String 8 300000
Config String 9 Downloads msc.dll
Config String 21 websitevisitor
Config String 20 downloadfiles
Config String 23 Disablenotify
Config String 22 websiteblocker
Config String 25 fakeerror
Config String 24 DisableSSL
Config String 27 Disablescreeny
Config String 26 Disablestartup
Config String 29 DisableTaskManager
Config String 28 Disableclip
VirusTotal

43 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
http://www.site.com/logs.php 0
Geo Location
Yara Rules