hawkeye | 5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265 | Triage

Submit
Reports

Overview

overview

Static

static

5b76d300f9...65.exe

windows7-x64

5b76d300f9...65.exe

windows10-2004-x64

7

Sharing

General

Target

5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265
Size

3.2MB
Sample

220801-v9wmsafdd7
MD5

5687085673a9d92c724dcadc69468181
SHA1

e35f1aaccabdc6ba6a71c2e426fedf7fecd00e5a
SHA256

5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265
SHA512

6639f671e2b53fc19602428ad0163a4d9609e3c47b5f6bf0aed6a8c4dbcb3263eefa606690305cbc3312ccab1ac8d3d7963eed00848b1648332ba598b9839ef8

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265.exe

Resource

win7-20220718-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265.exe

Resource

win10v2004-20220722-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265
- Size
  
  3.2MB
- MD5
  
  5687085673a9d92c724dcadc69468181
- SHA1
  
  e35f1aaccabdc6ba6a71c2e426fedf7fecd00e5a
- SHA256
  
  5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265
- SHA512
  
  6639f671e2b53fc19602428ad0163a4d9609e3c47b5f6bf0aed6a8c4dbcb3263eefa606690305cbc3312ccab1ac8d3d7963eed00848b1648332ba598b9839ef8
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy