hawkeye | 2f79996a4e3c810984fdfeb1df611ff3a1b3d6e983fee3111eff8f84f1f60c86 | Triage

Submit
Reports

Overview

overview

Static

static

2f79996a4e...86.exe

windows7_x64

9

2f79996a4e...86.exe

windows10-2004_x64

Sharing

General

Target

2f79996a4e3c810984fdfeb1df611ff3a1b3d6e983fee3111eff8f84f1f60c86
Size

825KB
Sample

220621-y79y6sfad4
MD5

91a939ac483d6fc201bce7807ec673d3
SHA1

bd8ba0259c9f69636ac5ff284547232e01dbd888
SHA256

2f79996a4e3c810984fdfeb1df611ff3a1b3d6e983fee3111eff8f84f1f60c86
SHA512

41f7e94fce592a1a2e2b0e36d04d6cdbb0c19b7ebc6538cebd254ae4baf06e2e52655d8c474b8fb785273d40e8d08e4673c1152f6dfd2da8d62e86c89e743de5

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

2f79996a4e3c810984fdfeb1df611ff3a1b3d6e983fee3111eff8f84f1f60c86.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2f79996a4e3c810984fdfeb1df611ff3a1b3d6e983fee3111eff8f84f1f60c86.exe

Resource

win10v2004-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2f79996a4e3c810984fdfeb1df611ff3a1b3d6e983fee3111eff8f84f1f60c86
- Size
  
  825KB
- MD5
  
  91a939ac483d6fc201bce7807ec673d3
- SHA1
  
  bd8ba0259c9f69636ac5ff284547232e01dbd888
- SHA256
  
  2f79996a4e3c810984fdfeb1df611ff3a1b3d6e983fee3111eff8f84f1f60c86
- SHA512
  
  41f7e94fce592a1a2e2b0e36d04d6cdbb0c19b7ebc6538cebd254ae4baf06e2e52655d8c474b8fb785273d40e8d08e4673c1152f6dfd2da8d62e86c89e743de5
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy