hawkeye | 7b74117a34e84a659a35437ab43b27c55f129c1717f92b116dc5533c27bdbc5a | Triage

Submit
Reports

Overview

overview

Static

static

Vape V4 Crack.bin.exe

windows7_x64

Vape V4 Crack.bin.exe

windows10_x64

Sharing

General

Target

te.zip
Size

965KB
Sample

201212-3m21lwlxcs
MD5

291b2906ea58460df28b58f2029c1cf5
SHA1

c8e969ddaa78217f39bc49011e50ef5fd8bc5133
SHA256

7b74117a34e84a659a35437ab43b27c55f129c1717f92b116dc5533c27bdbc5a
SHA512

dfd780f8081251c7dd83ea107452a03149a576e3ea80a6c2ec1f6344fccd8d10022d9e857a51e2cc39d45656937495cb8bc3428967717f8b85a8296ac7690eab

Score

10^/10

hawkeye evasion keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Vape V4 Crack.bin.exe

Resource

win7v20201028

hawkeye evasion keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Vape V4 Crack.bin.exe

Resource

win10v20201028

hawkeye evasion keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
motionalt1@gmail.com
Password:
you@regay

Targets

- Target
  
  Vape V4 Crack.bin
- Size
  
  1.7MB
- MD5
  
  6a669de1d724cc4874c42ae535ca892d
- SHA1
  
  de905655fd632fff874bc907726e9b9a16886ea9
- SHA256
  
  5d45d76577ec4d7429bab8dbfa6f5ff52d947a5c7c6f9ff373456e0c3703e454
- SHA512
  
  23ed610d8a5803934a2a35de40fbd3e55a91d89b436812e0bb8cc692e8d10ce5a9e10e63267084461b13d50a5eeac5ed45df67950e164654e6ba8de859921708
Score

10^/10

hawkeye evasion keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- ServiceHost packer
  Detects ServiceHost packer used for .NET malware
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Disabling Security Tools

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyeevasionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyeevasionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy