hawkeye | 200c2c1ad502a7c015d39f513cce255f0eeaaecd1befea68d7cc0d2ba673d524 | Triage

Submit
Reports

Overview

overview

Static

static

Payment_PO.exe

windows7_x64

Payment_PO.exe

windows10-2004_x64

Sharing

General

Target

200c2c1ad502a7c015d39f513cce255f0eeaaecd1befea68d7cc0d2ba673d524
Size

454KB
Sample

220521-pcrdxaacbq
MD5

32b98782e6c8f83729913bf7eabb4c7b
SHA1

ee6df23a1421899b5451ae3fe24e8ff1de8a5b65
SHA256

200c2c1ad502a7c015d39f513cce255f0eeaaecd1befea68d7cc0d2ba673d524
SHA512

1c594c83281ab50f56d566d3e7f9d9d86cc707fa27293f0666839bf3504b9f9c3c42a827130ae184d374f7fc9caaad9a722c3a5ac8dae22207df9ec4d01cabc9

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Payment_PO.exe

Resource

win7-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment_PO.exe

Resource

win10v2004-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Payment_PO.exe
- Size
  
  627KB
- MD5
  
  44a449e8130ba1528b8c87c8c57f1a6e
- SHA1
  
  3b41b67685d59d48bed981ecf5930852a21e0080
- SHA256
  
  17f48452ba71f7bbf410015c1eb67099aefb5da9ee9e61aea0ae323ca339bc1a
- SHA512
  
  0c770a0fde2a85fbfd0b0397a1495187360a5742d8e6e9ec85316a6b4c7821a758319fc91b68c9bf245cb5045a017c695570199d3e151ff81eb1fb8a2ae65f45
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy