hawkeye | 78f2928a8650e66c9701ca99334a70ef309ff551d2932f2819e80125028a8164 | Triage

Submit
Reports

Overview

overview

Static

static

78f2928a86...64.exe

windows7_x64

78f2928a86...64.exe

windows10_x64

Sharing

General

Target

78f2928a8650e66c9701ca99334a70ef309ff551d2932f2819e80125028a8164
Size

1.1MB
Sample

201113-hxd3mxpe4s
MD5

989e7890bf658ab56ee9eec72cd8483b
SHA1

777fb8de248994011e1fbce4502c00de9ca0d976
SHA256

78f2928a8650e66c9701ca99334a70ef309ff551d2932f2819e80125028a8164
SHA512

3a747302ddfeb82a9df59096b84324775be29ad8c89f6bf8bb0e9a9af62f8a31f9378928f4dc7672d6ee99b0a118812f0ad1c82e1077fe99643acf2c5e00aec3

Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

78f2928a8650e66c9701ca99334a70ef309ff551d2932f2819e80125028a8164.exe

Resource

win7v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

78f2928a8650e66c9701ca99334a70ef309ff551d2932f2819e80125028a8164.exe

Resource

win10v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.casalsmd.com
Port:
587
Username:
carolina@casalsmd.com
Password:
Carolina123

Targets

- Target
  
  78f2928a8650e66c9701ca99334a70ef309ff551d2932f2819e80125028a8164
- Size
  
  1.1MB
- MD5
  
  989e7890bf658ab56ee9eec72cd8483b
- SHA1
  
  777fb8de248994011e1fbce4502c00de9ca0d976
- SHA256
  
  78f2928a8650e66c9701ca99334a70ef309ff551d2932f2819e80125028a8164
- SHA512
  
  3a747302ddfeb82a9df59096b84324775be29ad8c89f6bf8bb0e9a9af62f8a31f9378928f4dc7672d6ee99b0a118812f0ad1c82e1077fe99643acf2c5e00aec3
Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerpersistencespywarestealertrojanupx

behavioral2

hawkeyekeyloggerpersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy