hawkeye | 0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8 | Triage

Submit
Reports

Overview

overview

Static

static

0d5ff709cd...e8.exe

windows7_x64

0d5ff709cd...e8.exe

windows10_x64

Sharing

General

Target

0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8
Size

1.1MB
Sample

201111-9hr55dmahe
MD5

f00ae271782ebffdb9248b0277ed7fdb
SHA1

efbf5ddbfa8565d159f58d330b1aad03727ba8c0
SHA256

0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8
SHA512

03b71686beec5bd9ae5a8f0330e2b0c234466de02715b7d2bbefa68576b68f30bae22aedf512a44f8134073ab951a44586f9115bc9bd3ea985d42075d5d204b7

Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8.exe

Resource

win7v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8.exe

Resource

win10v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.casalsmd.com
Port:
587
Username:
carolina@casalsmd.com
Password:
Carolina123

Targets

- Target
  
  0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8
- Size
  
  1.1MB
- MD5
  
  f00ae271782ebffdb9248b0277ed7fdb
- SHA1
  
  efbf5ddbfa8565d159f58d330b1aad03727ba8c0
- SHA256
  
  0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8
- SHA512
  
  03b71686beec5bd9ae5a8f0330e2b0c234466de02715b7d2bbefa68576b68f30bae22aedf512a44f8134073ab951a44586f9115bc9bd3ea985d42075d5d204b7
Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerpersistencespywarestealertrojanupx

behavioral2

hawkeyekeyloggerpersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy