hawkeye | 2dc1247e145ab0f302b661fa5bd0ce4ff2becab31fde1d8b1f827e4e36b793a3 | Triage

Submit
Reports

Overview

overview

Static

static

2dc1247e14...a3.exe

windows7_x64

9

2dc1247e14...a3.exe

windows10-2004_x64

Sharing

General

Target

2dc1247e145ab0f302b661fa5bd0ce4ff2becab31fde1d8b1f827e4e36b793a3
Size

502KB
Sample

220622-q53s3sgbaj
MD5

3d04655fff9858e8791c55ae2044a960
SHA1

fe8126d174403cb0ee84487497f4bc4bfeb3897c
SHA256

2dc1247e145ab0f302b661fa5bd0ce4ff2becab31fde1d8b1f827e4e36b793a3
SHA512

faa202892cf1f22dc35beef393bc1f6bf15c7c386af452d16e328a4777eba41cf23c842c263dc0e302c015b6b7620ff3897699addf21017a7702db5c03b518a4

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

2dc1247e145ab0f302b661fa5bd0ce4ff2becab31fde1d8b1f827e4e36b793a3.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2dc1247e145ab0f302b661fa5bd0ce4ff2becab31fde1d8b1f827e4e36b793a3.exe

Resource

win10v2004-20220414-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2dc1247e145ab0f302b661fa5bd0ce4ff2becab31fde1d8b1f827e4e36b793a3
- Size
  
  502KB
- MD5
  
  3d04655fff9858e8791c55ae2044a960
- SHA1
  
  fe8126d174403cb0ee84487497f4bc4bfeb3897c
- SHA256
  
  2dc1247e145ab0f302b661fa5bd0ce4ff2becab31fde1d8b1f827e4e36b793a3
- SHA512
  
  faa202892cf1f22dc35beef393bc1f6bf15c7c386af452d16e328a4777eba41cf23c842c263dc0e302c015b6b7620ff3897699addf21017a7702db5c03b518a4
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy