hawkeye | 510573af752c0027d747054982ae4823c2fec5c0e22c88732882fe5479adb42e | Triage

Submit
Reports

Overview

overview

Static

static

510573af75...2e.exe

windows7-x64

9

510573af75...2e.exe

windows10-2004-x64

Sharing

General

Target

510573af752c0027d747054982ae4823c2fec5c0e22c88732882fe5479adb42e
Size

922KB
Sample

220718-w4bk4aeafr
MD5

7e6095adef252a307789fde2a472da27
SHA1

45ea251ad20c3664f2a527b70658a1bd77577d18
SHA256

510573af752c0027d747054982ae4823c2fec5c0e22c88732882fe5479adb42e
SHA512

94473305ec14cba709228267229f80b036212b52a18f5a6cb2f15fb715375bfb2a3f1c1a6b9bbe1a2bf2d1cb5010dc2be0e2ce875ce3c6c29a586fd4b21d8974

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

510573af752c0027d747054982ae4823c2fec5c0e22c88732882fe5479adb42e.exe

Resource

win7-20220718-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

510573af752c0027d747054982ae4823c2fec5c0e22c88732882fe5479adb42e.exe

Resource

win10v2004-20220718-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
kennedey.isaac@yandex.com
Password:
jozo2018

Targets

- Target
  
  510573af752c0027d747054982ae4823c2fec5c0e22c88732882fe5479adb42e
- Size
  
  922KB
- MD5
  
  7e6095adef252a307789fde2a472da27
- SHA1
  
  45ea251ad20c3664f2a527b70658a1bd77577d18
- SHA256
  
  510573af752c0027d747054982ae4823c2fec5c0e22c88732882fe5479adb42e
- SHA512
  
  94473305ec14cba709228267229f80b036212b52a18f5a6cb2f15fb715375bfb2a3f1c1a6b9bbe1a2bf2d1cb5010dc2be0e2ce875ce3c6c29a586fd4b21d8974
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy