hawkeye | 5b2acc95cb4ff1f813a5f60e61899d61823ce4433e5a6c0e4d70ca9deac052ff | Triage

Submit
Reports

Overview

overview

Static

static

5b2acc95cb...ff.exe

windows7-x64

5b2acc95cb...ff.exe

windows10-2004-x64

7

Sharing

General

Target

5b2acc95cb4ff1f813a5f60e61899d61823ce4433e5a6c0e4d70ca9deac052ff
Size

1018KB
Sample

220802-a37fgsbha4
MD5

2933735ffb865073c2b817e16c631a86
SHA1

90888d8cb8be66f087d3ffc48fbd30b815bb7bdf
SHA256

5b2acc95cb4ff1f813a5f60e61899d61823ce4433e5a6c0e4d70ca9deac052ff
SHA512

168a98aedeaff9a9de0f919f10afb456a76667e2eea375123860edf86390a23441d299e842cc42b42c9424b754460c64f2c02618e364bb84ba5f31e73aa0f072

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

5b2acc95cb4ff1f813a5f60e61899d61823ce4433e5a6c0e4d70ca9deac052ff.exe

Resource

win7-20220718-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

5b2acc95cb4ff1f813a5f60e61899d61823ce4433e5a6c0e4d70ca9deac052ff.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.vivaldi.net
Port:
587
Username:
devidochiboy@vivaldi.net
Password:
qwerty#$12rt

Targets

- Target
  
  5b2acc95cb4ff1f813a5f60e61899d61823ce4433e5a6c0e4d70ca9deac052ff
- Size
  
  1018KB
- MD5
  
  2933735ffb865073c2b817e16c631a86
- SHA1
  
  90888d8cb8be66f087d3ffc48fbd30b815bb7bdf
- SHA256
  
  5b2acc95cb4ff1f813a5f60e61899d61823ce4433e5a6c0e4d70ca9deac052ff
- SHA512
  
  168a98aedeaff9a9de0f919f10afb456a76667e2eea375123860edf86390a23441d299e842cc42b42c9424b754460c64f2c02618e364bb84ba5f31e73aa0f072
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy