hawkeye | 7f5ae904bdf9d8cac002b585478ff9ce90ca4c4010b7759b7e36439bd565ed6f | Triage

Submit
Reports

Overview

overview

Static

static

7f5ae904bd...6f.exe

windows7_x64

7f5ae904bd...6f.exe

windows10_x64

Sharing

General

Target

7f5ae904bdf9d8cac002b585478ff9ce90ca4c4010b7759b7e36439bd565ed6f
Size

1.1MB
Sample

201112-xckhn8fvdx
MD5

e452fc00c57b8434ad18220ee56f26e0
SHA1

6134dfdbef4ab5c9f686403236bdee856d13f80d
SHA256

7f5ae904bdf9d8cac002b585478ff9ce90ca4c4010b7759b7e36439bd565ed6f
SHA512

235de8822ff738b5af9095819a3184cf9b05cf0e884e55fb3e048054745b7aaf5671fbe3a64c8671469da5176626e07d1ed6dcd4d50b51dd445ede37e410ceba

Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

7f5ae904bdf9d8cac002b585478ff9ce90ca4c4010b7759b7e36439bd565ed6f.exe

Resource

win7v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7f5ae904bdf9d8cac002b585478ff9ce90ca4c4010b7759b7e36439bd565ed6f.exe

Resource

win10v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.casalsmd.com
Port:
587
Username:
carolina@casalsmd.com
Password:
Carolina123

Targets

- Target
  
  7f5ae904bdf9d8cac002b585478ff9ce90ca4c4010b7759b7e36439bd565ed6f
- Size
  
  1.1MB
- MD5
  
  e452fc00c57b8434ad18220ee56f26e0
- SHA1
  
  6134dfdbef4ab5c9f686403236bdee856d13f80d
- SHA256
  
  7f5ae904bdf9d8cac002b585478ff9ce90ca4c4010b7759b7e36439bd565ed6f
- SHA512
  
  235de8822ff738b5af9095819a3184cf9b05cf0e884e55fb3e048054745b7aaf5671fbe3a64c8671469da5176626e07d1ed6dcd4d50b51dd445ede37e410ceba
Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerpersistencespywarestealertrojanupx

behavioral2

hawkeyekeyloggerpersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy