Overview

overview

10

Static

static

16dcbff85a...a4.exe

windows7_x64

10

16dcbff85a...a4.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16dcbff85a4dec40a185e8b99aba36a4

  • Size

    2.1MB

  • Sample

    201117-rvnv59pjp2

  • MD5

    851c27479874066a31f0cb90934388cd

  • SHA1

    87900e18d44ff9c6195154a459e75d29e3f12aad

  • SHA256

    10239fd8380cf3ef7a0d7345af72e6921d92338fc383a5335f333dbff5aba4ad

  • SHA512

    112dab593810403dd65395a9dffc2ff5216bf4fb08cc7c74b3bfd4d6f1f00ca231950475db960e25b2eeaba7cd7b7a3905c6505b8c69293d0b463fc4f700b035

Score
10/10
hawkeyekeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      16dcbff85a4dec40a185e8b99aba36a4

    • Size

      2.1MB

    • MD5

      851c27479874066a31f0cb90934388cd

    • SHA1

      87900e18d44ff9c6195154a459e75d29e3f12aad

    • SHA256

      10239fd8380cf3ef7a0d7345af72e6921d92338fc383a5335f333dbff5aba4ad

    • SHA512

      112dab593810403dd65395a9dffc2ff5216bf4fb08cc7c74b3bfd4d6f1f00ca231950475db960e25b2eeaba7cd7b7a3905c6505b8c69293d0b463fc4f700b035

    Score
    10/10
    hawkeyekeyloggerspywarestealertrojan

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

      keyloggertrojanstealerspywarehawkeye

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Uses the VBS compiler for execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks