hawkeye | d30629a1a9aad3b8bc1e3827ab767473089214fd801b556f9ed3430f39bacbdd | Triage

Submit
Reports

Overview

overview

Static

static

PURCHASE ORDER.exe

windows7_x64

PURCHASE ORDER.exe

windows10_x64

Sharing

General

Target

PURCHASE ORDER.exe
Size

951KB
Sample

201120-vbgq287yks
MD5

8e2337f7cdd4bcd18e862b7a73734d49
SHA1

457de2e691794711d257ab9c6315d6f26465ce1a
SHA256

d30629a1a9aad3b8bc1e3827ab767473089214fd801b556f9ed3430f39bacbdd
SHA512

7cf93e3fb60f69895a23fd8537e36394779a7a8307091691006e56ec3465d57ecfcb854327acfcf0b184e126a1bf8e6994234155e5ce020caa4bd66fe01c597b

Score

10^/10

hawkeye keylogger spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

PURCHASE ORDER.exe

Resource

win7v20201028

hawkeye keylogger spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PURCHASE ORDER.exe

Resource

win10v20201028

hawkeye keylogger spyware stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.iigcest.com
Port:
587
Username:
ansaf@iigcest.com
Password:
Ans2016@

Targets

- Target
  
  PURCHASE ORDER.exe
- Size
  
  951KB
- MD5
  
  8e2337f7cdd4bcd18e862b7a73734d49
- SHA1
  
  457de2e691794711d257ab9c6315d6f26465ce1a
- SHA256
  
  d30629a1a9aad3b8bc1e3827ab767473089214fd801b556f9ed3430f39bacbdd
- SHA512
  
  7cf93e3fb60f69895a23fd8537e36394779a7a8307091691006e56ec3465d57ecfcb854327acfcf0b184e126a1bf8e6994234155e5ce020caa4bd66fe01c597b
Score

10^/10

hawkeye keylogger spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerspywarestealertrojanupx

behavioral2

hawkeyekeyloggerspywarestealertrojanupx

© 2018-2024

Terms | Privacy