hawkeye | 6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b | Triage

Submit
Reports

Overview

overview

Static

static

6144777174...2b.exe

windows7_x64

6144777174...2b.exe

windows10_x64

Sharing

General

Target

6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b
Size

1.0MB
Sample

201114-exk9cn7ejj
MD5

ba6d7442594e9953cde6bc7f376ccbb6
SHA1

933aaccb99adb26e2061e89294649e633899cce4
SHA256

6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b
SHA512

0d2ff256b0dd26d1fdebd29405d6531297b711ab6d9dd9d62d3de1c545c29798aaceab8aaca9fd068bd768283d0bd3fce87861f29206a096039fe52380e291a2

Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b.exe

Resource

win7v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b.exe

Resource

win10v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.casalsmd.com
Port:
587
Username:
carolina@casalsmd.com
Password:
Carolina123

Targets

- Target
  
  6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b
- Size
  
  1.0MB
- MD5
  
  ba6d7442594e9953cde6bc7f376ccbb6
- SHA1
  
  933aaccb99adb26e2061e89294649e633899cce4
- SHA256
  
  6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b
- SHA512
  
  0d2ff256b0dd26d1fdebd29405d6531297b711ab6d9dd9d62d3de1c545c29798aaceab8aaca9fd068bd768283d0bd3fce87861f29206a096039fe52380e291a2
Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerpersistencespywarestealertrojanupx

behavioral2

hawkeyekeyloggerpersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy