hawkeye | f7317b7888caeb1f89276675ffc2608d6cb79bc96d582304ce985c0be4c9389f | Triage

Submit
Reports

Overview

overview

Static

static

f7317b7888...9f.exe

windows7_x64

f7317b7888...9f.exe

windows10_x64

Sharing

General

Target

f7317b7888caeb1f89276675ffc2608d6cb79bc96d582304ce985c0be4c9389f
Size

1.1MB
Sample

201109-erpjhchkw6
MD5

b2c07697fa0b7fd99f5bf56e2555ffae
SHA1

117c3a2df7ddff8334e9e28f331b37750bca075d
SHA256

f7317b7888caeb1f89276675ffc2608d6cb79bc96d582304ce985c0be4c9389f
SHA512

284aca733ea5498c17fce3524d9ac3e3bc10fcdbf61045ca78c19e49dc4ac7645ff27dbb78c663617376f64453fb390e0553676b8a448db21cf423b3f2564cca

Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

f7317b7888caeb1f89276675ffc2608d6cb79bc96d582304ce985c0be4c9389f.exe

Resource

win7v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f7317b7888caeb1f89276675ffc2608d6cb79bc96d582304ce985c0be4c9389f.exe

Resource

win10v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.casalsmd.com
Port:
587
Username:
carolina@casalsmd.com
Password:
Carolina123

Targets

- Target
  
  f7317b7888caeb1f89276675ffc2608d6cb79bc96d582304ce985c0be4c9389f
- Size
  
  1.1MB
- MD5
  
  b2c07697fa0b7fd99f5bf56e2555ffae
- SHA1
  
  117c3a2df7ddff8334e9e28f331b37750bca075d
- SHA256
  
  f7317b7888caeb1f89276675ffc2608d6cb79bc96d582304ce985c0be4c9389f
- SHA512
  
  284aca733ea5498c17fce3524d9ac3e3bc10fcdbf61045ca78c19e49dc4ac7645ff27dbb78c663617376f64453fb390e0553676b8a448db21cf423b3f2564cca
Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerpersistencespywarestealertrojanupx

behavioral2

hawkeyekeyloggerpersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy