hawkeye | 7b254a2cbf01fcd8fe279f23f1b07964e398fbdcd3f7de77701850f043387f46 | Triage

Submit
Reports

Overview

overview

Static

static

PO-05nr347.exe

windows7_x64

PO-05nr347.exe

windows10-2004_x64

Sharing

General

Target

7b254a2cbf01fcd8fe279f23f1b07964e398fbdcd3f7de77701850f043387f46
Size

518KB
Sample

220521-nxn9lsecd5
MD5

e3de02d36e2bb4441992285597c202a7
SHA1

5039fa0c800acd954f0b57f395e97f33034ad262
SHA256

7b254a2cbf01fcd8fe279f23f1b07964e398fbdcd3f7de77701850f043387f46
SHA512

0fb96e83b7b5d76b7c2ada607c58152c22b8549237461efd3e7ad9a7ce33c99e99f72f90378a16fa358660c468c0bda4bbbee2985cf9732003a8e8246a7eb6ec

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO-05nr347.exe

Resource

win7-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO-05nr347.exe

Resource

win10v2004-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.mail.com
Port:
587
Username:
fuyutong.ar@accountant.com
Password:
payments00

Targets

- Target
  
  PO-05nr347.exe
- Size
  
  798KB
- MD5
  
  67241ed39592f25b9d8d00bfe826affd
- SHA1
  
  ac0d76837ffffa4065c7a617ca397d16ed259c70
- SHA256
  
  77728dc00d957e7c3a175b58f539ed1ce895595832f3ff527aac52a10b185565
- SHA512
  
  e077adeb8ee3eb37a47776df65f954626aa7f6db8d4ac87d30c4505cee87e103f116c90e65eb9a94283e284b866d8d254bee858e17b2e21d3aad36b3fa753ae0
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy