hawkeye | 1e23bf99901af78b6c80fcba682153ba56ef22aa94047f210500b80204134c92 | Triage

Submit
Reports

Overview

overview

Static

static

1e23bf9990...92.exe

windows7_x64

1e23bf9990...92.exe

windows10-2004_x64

Sharing

General

Target

1e23bf99901af78b6c80fcba682153ba56ef22aa94047f210500b80204134c92
Size

520KB
Sample

220708-r2d6zsecal
MD5

551f0928da0bfe0e3c24b891ba8f5cce
SHA1

27c8eafe381fb2219df2e2d4be53d3ef14ffb333
SHA256

1e23bf99901af78b6c80fcba682153ba56ef22aa94047f210500b80204134c92
SHA512

4c57a6edaaac1b6d155f208dcdcdc2328144c69bb47a7a60b565b545657806d148a4c2c49e426432786d2042e163aa9eeee2cc2ccf7b25a60d038e1770bba529

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

1e23bf99901af78b6c80fcba682153ba56ef22aa94047f210500b80204134c92.exe

Resource

win7-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1e23bf99901af78b6c80fcba682153ba56ef22aa94047f210500b80204134c92.exe

Resource

win10v2004-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.mail.ru
Port:
587
Username:
aadfsasd@bk.ru
Password:
123132123qq

Targets

- Target
  
  1e23bf99901af78b6c80fcba682153ba56ef22aa94047f210500b80204134c92
- Size
  
  520KB
- MD5
  
  551f0928da0bfe0e3c24b891ba8f5cce
- SHA1
  
  27c8eafe381fb2219df2e2d4be53d3ef14ffb333
- SHA256
  
  1e23bf99901af78b6c80fcba682153ba56ef22aa94047f210500b80204134c92
- SHA512
  
  4c57a6edaaac1b6d155f208dcdcdc2328144c69bb47a7a60b565b545657806d148a4c2c49e426432786d2042e163aa9eeee2cc2ccf7b25a60d038e1770bba529
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy