hawkeye | 36de81e7cd6e58847ec1481e208b604b7bf2512249413a8a72181f4fd08f2144 | Triage

Submit
Reports

Overview

overview

Static

static

36de81e7cd...44.exe

windows7_x64

36de81e7cd...44.exe

windows10-2004_x64

Sharing

General

Target

36de81e7cd6e58847ec1481e208b604b7bf2512249413a8a72181f4fd08f2144
Size

926KB
Sample

220626-bkxzrsddb4
MD5

ba91c8c1f73dd26cff5233f11f956a1f
SHA1

30e945963c2dadec3517e8a0dc357ed10fa8b4f2
SHA256

36de81e7cd6e58847ec1481e208b604b7bf2512249413a8a72181f4fd08f2144
SHA512

f340ca055712a1412fecf72fa4440efd23578eda151018471606ecaac565bd10bb187cdae3e079f1e00a68f1dce020cc6d6c28714a1cbb931db407ab09bcd569

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

36de81e7cd6e58847ec1481e208b604b7bf2512249413a8a72181f4fd08f2144.exe

Resource

win7-20220414-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

36de81e7cd6e58847ec1481e208b604b7bf2512249413a8a72181f4fd08f2144.exe

Resource

win10v2004-20220414-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
moneybag@morefunds1.com
Password:
PCyo#$h0

Targets

- Target
  
  36de81e7cd6e58847ec1481e208b604b7bf2512249413a8a72181f4fd08f2144
- Size
  
  926KB
- MD5
  
  ba91c8c1f73dd26cff5233f11f956a1f
- SHA1
  
  30e945963c2dadec3517e8a0dc357ed10fa8b4f2
- SHA256
  
  36de81e7cd6e58847ec1481e208b604b7bf2512249413a8a72181f4fd08f2144
- SHA512
  
  f340ca055712a1412fecf72fa4440efd23578eda151018471606ecaac565bd10bb187cdae3e079f1e00a68f1dce020cc6d6c28714a1cbb931db407ab09bcd569
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy