hawkeye | dd7526e78e317b1bd3873e2536a6e87932f140743c89e80b4f99abf522e6c3f9 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

dd7526e78e317b1bd3873e2536a6e87932f140743c89e80b4f99abf522e6c3f9
Size

473KB
Sample

220830-fwthyaccap
MD5

18e1a962b365f75f8c7e7b3b1985f2a2
SHA1

6672f2dde2660b905c9c96c1042035819fc06408
SHA256

dd7526e78e317b1bd3873e2536a6e87932f140743c89e80b4f99abf522e6c3f9
SHA512

e98cb0e0fe2c0e4d0e2534f4f331e238cb3a3f80f772c4dc97d539346fa6d6a51b2d8c48320b0fd8452b5101ee1820a65ced1eee8f9c5d9a24e3c575f8418891
SSDEEP

12288:EPXqahuwJqPbKWA7FtUhUopAbm6rkpBcZvmbEAhQy:W6aGKTFKhrpWm6rFvWEAKy

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

dd7526e78e317b1bd3873e2536a6e87932f140743c89e80b4f99abf522e6c3f9.exe

Resource

win7-20220812-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

11 signatures

300 seconds

Behavioral task

behavioral2

Sample

dd7526e78e317b1bd3873e2536a6e87932f140743c89e80b4f99abf522e6c3f9.exe

Resource

win10-20220812-en

hawkeye collection keylogger spyware stealer trojan

windows10-1703-x64

11 signatures

300 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tasdanlar.com.tr
Port:
21
Username:
kizzy01@tasdanlar.com.tr
Password:
T,N-5SD@]@26

Targets

- Target
  
  dd7526e78e317b1bd3873e2536a6e87932f140743c89e80b4f99abf522e6c3f9
- Size
  
  473KB
- MD5
  
  18e1a962b365f75f8c7e7b3b1985f2a2
- SHA1
  
  6672f2dde2660b905c9c96c1042035819fc06408
- SHA256
  
  dd7526e78e317b1bd3873e2536a6e87932f140743c89e80b4f99abf522e6c3f9
- SHA512
  
  e98cb0e0fe2c0e4d0e2534f4f331e238cb3a3f80f772c4dc97d539346fa6d6a51b2d8c48320b0fd8452b5101ee1820a65ced1eee8f9c5d9a24e3c575f8418891
- SSDEEP
  
  12288:EPXqahuwJqPbKWA7FtUhUopAbm6rkpBcZvmbEAhQy:W6aGKTFKhrpWm6rFvWEAKy
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy