hawkeye | 0d9620cc6f13557348009640f972fef49c151e28e8a6513fb5fc0e8cce54fee9 | Triage

Submit
Reports

Overview

overview

Static

static

order.exe

windows7_x64

order.exe

windows10-2004_x64

Sharing

General

Target

0d9620cc6f13557348009640f972fef49c151e28e8a6513fb5fc0e8cce54fee9
Size

667KB
Sample

220521-byh3rsfgcl
MD5

a4f7e17094650915389b3bf9c9ce6d6e
SHA1

002af5c09b3eec8c9d5bd027273259472bdb492c
SHA256

0d9620cc6f13557348009640f972fef49c151e28e8a6513fb5fc0e8cce54fee9
SHA512

753c45cdf486eda839c60c1d6c8e7865b7d84e68a8b4f247211001fe44c2fa93a41f23a30292fe907ff534aa036288136bb474952d8739528590598ba638db60

Score

10^/10

hawkeye collection evasion keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

order.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

order.exe

Resource

win10v2004-20220414-en

hawkeye collection evasion keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  order.exe
- Size
  
  713KB
- MD5
  
  0b6d5d917fd841fc0ccb900d1d0817d2
- SHA1
  
  fe706ce3530b8be18f49a195c621dfc77b4f2fce
- SHA256
  
  01c7dd686988aded4a1730159eaaa2f4ecfb9f53dc93a3f9ba0503b7698aa454
- SHA512
  
  b83f7d278553e06903bbc798cfbea3d671b86756a04d2562db33da3e406f7124c1e3862a0286c9406ada254e8e173af428d8364296d309db55689121ac9a50a1
Score

10^/10

evasion trojan hawkeye collection keylogger spyware stealer
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Disabling Security Tools

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

hawkeyecollectionevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy