hawkeye | 404bb69111fd469c21da4fa51543ed0b38ecbe59d7a8e9427c4af42dde37711b | Triage

Submit
Reports

Overview

overview

Static

static

404bb69111...1b.exe

windows7_x64

404bb69111...1b.exe

windows10-2004_x64

9

Sharing

General

Target

404bb69111fd469c21da4fa51543ed0b38ecbe59d7a8e9427c4af42dde37711b
Size

741KB
Sample

220708-yyasqahfd8
MD5

0565c84b96a8af71f996b2188e88414e
SHA1

f8aad0b9f224b8b09a8459819ceb54d7f75ad39e
SHA256

404bb69111fd469c21da4fa51543ed0b38ecbe59d7a8e9427c4af42dde37711b
SHA512

57de3800b036048067dc1c6111270cb25a42c947489cd7f155c7895b5a40d1f89f24743add26ee77e70ebaeb9d190b2c823f572a7927471eaf49a2c890f8f177

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

404bb69111fd469c21da4fa51543ed0b38ecbe59d7a8e9427c4af42dde37711b.exe

Resource

win7-20220414-en

hawkeye collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

404bb69111fd469c21da4fa51543ed0b38ecbe59d7a8e9427c4af42dde37711b.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  404bb69111fd469c21da4fa51543ed0b38ecbe59d7a8e9427c4af42dde37711b
- Size
  
  741KB
- MD5
  
  0565c84b96a8af71f996b2188e88414e
- SHA1
  
  f8aad0b9f224b8b09a8459819ceb54d7f75ad39e
- SHA256
  
  404bb69111fd469c21da4fa51543ed0b38ecbe59d7a8e9427c4af42dde37711b
- SHA512
  
  57de3800b036048067dc1c6111270cb25a42c947489cd7f155c7895b5a40d1f89f24743add26ee77e70ebaeb9d190b2c823f572a7927471eaf49a2c890f8f177
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy