Hawkeye_Keylogger_IOCs_01-05-2019

#Hawkeye #Keylogger #Trojan
-----------------------------------
01-05-2019				IOC's
-----------------------------------
Main object- "b5c16f2dd1bce63001a2ba5f964c761b7667bd875d4ac5594eece3df93818e70.bin.gz"
	sha256	54ffee7c070ac622a8acb59ef907d8364f6e9ea66227c283edc3ed20269b1371
	sha1	21ec8d581b6f6dbcce0273ef7c109fbd0a9c6d37
	md5	11ca5836bdac1823adc5f1e89d4afa5a
Dropped executable file
	sha256	C:\Users\admin\Desktop\b5c16f2dd1bce63001a2ba5f964c761b7667bd875d4ac5594eece3df93818e70.bin.gz	b5c16f2dd1bce63001a2ba5f964c761b7667bd875d4ac5594eece3df93818e70
	sha256	C:\Users\admin\AppData\Roaming\.exe	a1dce9a4fa65a4f59d848f053817cdb6a9b3bfbe81fbe08dd12db9ff00764e3e
DNS requests
	domain	ftp.testproeg.com
	domain	bot.whatismyipaddress.com
Connections
	ip	66.171.248.178
	ip	192.145.239.39
HTTP/HTTPS requests
	url	http://bot.whatismyipaddress.com/
---------------------------------------------