hawkeye | d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb | Triage

Submit
Reports

Overview

overview

Static

static

d739bdb54c...cb.exe

windows7-x64

d739bdb54c...cb.exe

windows10-2004-x64

Sharing

General

Target

d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb
Size

728KB
Sample

220724-2h9hwsbad3
MD5

b31b2fd4a9b34a8444a05aa43c7869f6
SHA1

2916e092aebc7070d69f5f698c38e0e88bb651cb
SHA256

d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb
SHA512

fca7c2b6079304f69c9d961983c0444d008d21b71d57f81b480032d8ce50c9c349b704d7c391a8d46c885d544b1b7cf53043c4a2e2b9debf8d2c7fe74f7e88a7

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb.exe

Resource

win7-20220718-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb.exe

Resource

win10v2004-20220721-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb
- Size
  
  728KB
- MD5
  
  b31b2fd4a9b34a8444a05aa43c7869f6
- SHA1
  
  2916e092aebc7070d69f5f698c38e0e88bb651cb
- SHA256
  
  d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb
- SHA512
  
  fca7c2b6079304f69c9d961983c0444d008d21b71d57f81b480032d8ce50c9c349b704d7c391a8d46c885d544b1b7cf53043c4a2e2b9debf8d2c7fe74f7e88a7
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy