hawkeye | 37089cae2e7e01065af58c26caf6b8bc51cf5b12e14fe34a9c3c4de686680a5f | Triage

Submit
Reports

Overview

overview

Static

static

Payment_PO.exe

windows7_x64

Payment_PO.exe

windows10-2004_x64

Sharing

General

Target

37089cae2e7e01065af58c26caf6b8bc51cf5b12e14fe34a9c3c4de686680a5f
Size

454KB
Sample

220521-bzpxpscgc3
MD5

8545d68c3382001413099c78d31954fd
SHA1

71082545154463fe770c4214add90a4da3338663
SHA256

37089cae2e7e01065af58c26caf6b8bc51cf5b12e14fe34a9c3c4de686680a5f
SHA512

b9151a93e346c4841975b99694cb3d21ea895d538abcd84a53d732a7e5e4daf69a52b99b302410d8c143efc6aeba17b8f1fac377b689f33142527fde19d83931

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Payment_PO.exe

Resource

win7-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment_PO.exe

Resource

win10v2004-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Payment_PO.exe
- Size
  
  627KB
- MD5
  
  7d98f4732cff55ffe7505d4c020ac2dc
- SHA1
  
  ec9b164ea991a90ec7224a3612ca7303a24edf05
- SHA256
  
  893c4fed40fd177ccf67add3628dafa31ce34c2e3b77aac29fcc6d2b52be9ef4
- SHA512
  
  49cda046d919a9bd39e19ccfbd3136689f9b7e8edbaf3b0dcce3bb62dec3ac80b2e28c247176cf92dfb95c0800a6fb9d24d5442220ea5112ee31340e3b3ad858
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy