hawkeye | 3b163eddf849e4c53923fe275b320081e31badc3f1b42b239bd6efbdbed93e3d | Triage

Submit
Reports

Overview

overview

Static

static

3b163eddf8...3d.exe

windows7_x64

3b163eddf8...3d.exe

windows10-2004_x64

Sharing

General

Target

3b163eddf849e4c53923fe275b320081e31badc3f1b42b239bd6efbdbed93e3d
Size

661KB
Sample

220311-bhmq1shaeq
MD5

a302f849f03f9d0986062f4eb4032824
SHA1

15848e1df366bf37158cc70ab13f01a693a733f0
SHA256

3b163eddf849e4c53923fe275b320081e31badc3f1b42b239bd6efbdbed93e3d
SHA512

46154fc25ce18e92d0c360d9bb8a323304824bb6ae6a0c73a6dad64721d4891a2536b3f40b5c0ac76013a9ed3877dbc38470a0d956b8b79ad565d5052731ea36

Score

10^/10

hawkeye revengerat keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3b163eddf849e4c53923fe275b320081e31badc3f1b42b239bd6efbdbed93e3d.exe

Resource

win7-20220310-en

hawkeye revengerat keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3b163eddf849e4c53923fe275b320081e31badc3f1b42b239bd6efbdbed93e3d.exe

Resource

win10v2004-en-20220113

revengerat stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3b163eddf849e4c53923fe275b320081e31badc3f1b42b239bd6efbdbed93e3d
- Size
  
  661KB
- MD5
  
  a302f849f03f9d0986062f4eb4032824
- SHA1
  
  15848e1df366bf37158cc70ab13f01a693a733f0
- SHA256
  
  3b163eddf849e4c53923fe275b320081e31badc3f1b42b239bd6efbdbed93e3d
- SHA512
  
  46154fc25ce18e92d0c360d9bb8a323304824bb6ae6a0c73a6dad64721d4891a2536b3f40b5c0ac76013a9ed3877dbc38470a0d956b8b79ad565d5052731ea36
Score

10^/10

hawkeye revengerat keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyerevengeratkeyloggerspywarestealertrojan

behavioral2

revengeratstealertrojan

© 2018-2024

Terms | Privacy