hawkeye | ebf11ac3c1c7cbdd7667977fce006d85ff89ff49182a9ac4b3ebd27057b99d89 | Triage

Submit
Reports

Overview

overview

Static

static

PAYMENT DETAILS.exe

windows7_x64

PAYMENT DETAILS.exe

windows10-2004_x64

Sharing

General

Target

ebf11ac3c1c7cbdd7667977fce006d85ff89ff49182a9ac4b3ebd27057b99d89
Size

567KB
Sample

220521-mz8klafhdl
MD5

3c0ee822bd8279a7ceb81563b70d3011
SHA1

ed8e2ebe4ae21a41b995bf82e25169a2f52b9ce3
SHA256

ebf11ac3c1c7cbdd7667977fce006d85ff89ff49182a9ac4b3ebd27057b99d89
SHA512

d7a38d62d7f4e9446ee669e8e19e2eb7107e3a6a1f6f85d8a857bd2f2401f6b3d1e911e6cc37c4a529927c0e3ae9373cca4800c37ee718d880815101afccf6a0

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PAYMENT DETAILS.exe

Resource

win7-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PAYMENT DETAILS.exe

Resource

win10v2004-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  PAYMENT DETAILS.exe
- Size
  
  913KB
- MD5
  
  b9d953083a5b1006d5632d82c7a01d8d
- SHA1
  
  4701c2bccbcfe59c1654c50f0e2800b3ffd062e3
- SHA256
  
  e1bf95bd96a59075ac24eec7c47b3142361ea79c1fb68e2b6039212fba523449
- SHA512
  
  70fb97ac42882e5e62ef07bdfa06de9ab59d37ecfd07f59eecf76081cc34ccff954bd0edbf593eaf8db10da6d560500ba83a36cadb77d1b980fe127cd63ddbf6
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy