hawkeye | 12608321b3a1385f9c0650e1208090b9318c65a52bc4a60f4b3419b622f40b2b | Triage

Submit
Reports

Overview

overview

Static

static

12608321b3...2b.exe

windows7-x64

12608321b3...2b.exe

windows10-2004-x64

Sharing

General

Target

12608321b3a1385f9c0650e1208090b9318c65a52bc4a60f4b3419b622f40b2b
Size

1.0MB
Sample

221011-xckv5ahgb5
MD5

03a6f05f998a2c1da3bbe3dba6f44917
SHA1

b9a38f68387f77ed9b752f056bda282580a52ca8
SHA256

12608321b3a1385f9c0650e1208090b9318c65a52bc4a60f4b3419b622f40b2b
SHA512

d45f3792eba2e04b5f1c9686ee7711f6a2edc976e4f770f34cdff86bb537aeb247d1fe0b705c5cea8860cf32245794b95f2a156597136a168e5c1a953ef929f9
SSDEEP

24576:jBxiZeC6Lj/mHlOdBBR6x/a2fQY5kfqFGlwpV:jLiZeC4TOOdBn0LfTqfqFJL

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

12608321b3a1385f9c0650e1208090b9318c65a52bc4a60f4b3419b622f40b2b.exe

Resource

win7-20220812-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

12608321b3a1385f9c0650e1208090b9318c65a52bc4a60f4b3419b622f40b2b.exe

Resource

win10v2004-20220812-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  12608321b3a1385f9c0650e1208090b9318c65a52bc4a60f4b3419b622f40b2b
- Size
  
  1.0MB
- MD5
  
  03a6f05f998a2c1da3bbe3dba6f44917
- SHA1
  
  b9a38f68387f77ed9b752f056bda282580a52ca8
- SHA256
  
  12608321b3a1385f9c0650e1208090b9318c65a52bc4a60f4b3419b622f40b2b
- SHA512
  
  d45f3792eba2e04b5f1c9686ee7711f6a2edc976e4f770f34cdff86bb537aeb247d1fe0b705c5cea8860cf32245794b95f2a156597136a168e5c1a953ef929f9
- SSDEEP
  
  24576:jBxiZeC6Lj/mHlOdBBR6x/a2fQY5kfqFGlwpV:jLiZeC4TOOdBn0LfTqfqFJL
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy