hawkeye | 47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1 | Triage

Submit
Reports

Overview

overview

Static

static

47461814a2...e1.exe

windows7_x64

47461814a2...e1.exe

windows10_x64

Sharing

General

Target

47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1
Size

963KB
Sample

201114-ljzr4f4fln
MD5

e3dc8a06c6868795cb371abb1a5f7c77
SHA1

ef5ddff29f5c777062e54c97f17eeb238c41e7cf
SHA256

47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1
SHA512

8a0d21e1860fb75543fa1d27c416fcd01fe980d1c4e8fa4c0cf8dbfb418e1a187f8e93908c25332b6709783d73663e9b0e34d83387d639f582f8a718a85bdd98

Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1.exe

Resource

win7v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1.exe

Resource

win10v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.casalsmd.com
Port:
587
Username:
carolina@casalsmd.com
Password:
Carolina123

Targets

- Target
  
  47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1
- Size
  
  963KB
- MD5
  
  e3dc8a06c6868795cb371abb1a5f7c77
- SHA1
  
  ef5ddff29f5c777062e54c97f17eeb238c41e7cf
- SHA256
  
  47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1
- SHA512
  
  8a0d21e1860fb75543fa1d27c416fcd01fe980d1c4e8fa4c0cf8dbfb418e1a187f8e93908c25332b6709783d73663e9b0e34d83387d639f582f8a718a85bdd98
Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerpersistencespywarestealertrojanupx

behavioral2

hawkeyekeyloggerpersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy