hawkeye | 8c746fba62e2b97d13c9b437eaa82510d0df7141615a6319f0409b4955494ba8 | Triage

Submit
Reports

Overview

overview

Static

static

8c746fba62...a8.exe

windows7-x64

8c746fba62...a8.exe

windows10-2004-x64

Sharing

General

Target

8c746fba62e2b97d13c9b437eaa82510d0df7141615a6319f0409b4955494ba8
Size

774KB
Sample

220731-ksy2gaghd8
MD5

68a41808ee9c962f1b2ddd6c66bd86f5
SHA1

1f18c2a5bc5f1be2b2857f6b3943a8d3cfb1a28d
SHA256

8c746fba62e2b97d13c9b437eaa82510d0df7141615a6319f0409b4955494ba8
SHA512

c04719c25a8f4882ea951ea96af4715e041ebda783a5a833717614a3f3865c51202dda786cb87f7b84d4f834ae6c1ef4619ced72d4c16c5e60d8c51d5c747acd

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

8c746fba62e2b97d13c9b437eaa82510d0df7141615a6319f0409b4955494ba8.exe

Resource

win7-20220718-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

8c746fba62e2b97d13c9b437eaa82510d0df7141615a6319f0409b4955494ba8.exe

Resource

win10v2004-20220722-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  8c746fba62e2b97d13c9b437eaa82510d0df7141615a6319f0409b4955494ba8
- Size
  
  774KB
- MD5
  
  68a41808ee9c962f1b2ddd6c66bd86f5
- SHA1
  
  1f18c2a5bc5f1be2b2857f6b3943a8d3cfb1a28d
- SHA256
  
  8c746fba62e2b97d13c9b437eaa82510d0df7141615a6319f0409b4955494ba8
- SHA512
  
  c04719c25a8f4882ea951ea96af4715e041ebda783a5a833717614a3f3865c51202dda786cb87f7b84d4f834ae6c1ef4619ced72d4c16c5e60d8c51d5c747acd
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy