hawkeye | 632c1db5916bf6009d159569ef85e8f6c6a2cc787c99ef0368cb38a098ce30e9 | Triage

Submit
Reports

Overview

overview

Static

static

l018576683...DF.exe

windows7_x64

l018576683...DF.exe

windows10-2004_x64

Sharing

General

Target

632c1db5916bf6009d159569ef85e8f6c6a2cc787c99ef0368cb38a098ce30e9
Size

662KB
Sample

220521-aqjtnadeep
MD5

80ab00529d2053c1dd52596ce1ab85a4
SHA1

a5859f10e27eecf6ed0a1b7e24eb6d9e39943a00
SHA256

632c1db5916bf6009d159569ef85e8f6c6a2cc787c99ef0368cb38a098ce30e9
SHA512

f8f80a5cde1e800b8b9a9c7fe45a12bc173eadd7c9e8874d611f79995d7ae3860ca3f98663e04620ec80349363a7e3d6bdf3a82d5f2e6c2caf250b67a433b171

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

l0185766832020805.PDF.exe

Resource

win7-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

l0185766832020805.PDF.exe

Resource

win10v2004-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  l0185766832020805.PDF.exe
- Size
  
  704KB
- MD5
  
  97b7848d96c0c8597f343302ccb46c2d
- SHA1
  
  7d83dc7b96f9a1b7791410661b314cfd6812e8d9
- SHA256
  
  f530b8632c088e021b96196b12490d2b6c4e7d2ca04b03a8646cc4a45f8de36c
- SHA512
  
  7e5697f22a99f4b1388cc083689b63719c4c0bd4aa88b4c9724952c44ce9bfd677a0cbc916e03ff87b1dc607d89636962dc07a9ee088938ffbc84a0f1da45236
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy