General

  • Target

    2f1a1d057798c30d3302a9be7cdedb37a1d8a848af2bd94c82a20b5346f38cb7

  • Size

    777KB

  • Sample

    220621-3xh5xshhe4

  • MD5

    945b5b1d0b633bc4617e344613bd3f73

  • SHA1

    7cbca5c913ec0cd21931991345a6fe5dcf730d38

  • SHA256

    2f1a1d057798c30d3302a9be7cdedb37a1d8a848af2bd94c82a20b5346f38cb7

  • SHA512

    f8393382e64ded2dddf8c8fb0ea022b47648f8c81253f434b94098ab9af742f62dcced34743b3ff165df1495c366ca60409a3d3c4e46c6fca728cda55e98f989

Malware Config

Targets

    • Target

      2f1a1d057798c30d3302a9be7cdedb37a1d8a848af2bd94c82a20b5346f38cb7

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Count  ID
  Execution             Scripting                      1      T1064
  Execution             Scheduled Task                 1      T1053
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Defense Evasion       Scripting                      1      T1064
  Defense Evasion       Install Root Certificate       1      T1130
  Defense Evasion       Modify Registry                1      T1112
  Discovery             Query Registry                 1      T1012
  Discovery             System Information Discovery   2      T1082
  Collection            Email Collection               1      T1114
