hawkeye | e7f9cef9cd8d489a41dc42e290f0c36c434132bd8a46ea19a7fb52fd170b3bdf | Triage

Submit
Reports

Overview

overview

Static

static

e7f9cef9cd...df.exe

windows7-x64

e7f9cef9cd...df.exe

windows10-2004-x64

Sharing

General

Target

e7f9cef9cd8d489a41dc42e290f0c36c434132bd8a46ea19a7fb52fd170b3bdf
Size

1.1MB
Sample

221122-wcqkyafc6x
MD5

2e0d25b2ad53984ffe2bbae5e57b6cf6
SHA1

b932fbfe860c861fc308a6a0b81671f5fc41c847
SHA256

e7f9cef9cd8d489a41dc42e290f0c36c434132bd8a46ea19a7fb52fd170b3bdf
SHA512

c3499911813484a67573d49c9a377093c7e7339dff81e38fcdb1ab90169b94e28fb4dbe7810db5b7babc4b754f2edfb6f001634cd638f9dfd9ebae073cc1983b
SSDEEP

24576:qccWPybOu+WMSxu8khASE6efjd4QbdnFjqWrWwh1+7l:qGwOupdKA6AjdX

Score

10^/10

hawkeye microsoft collection keylogger persistence phishing spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

e7f9cef9cd8d489a41dc42e290f0c36c434132bd8a46ea19a7fb52fd170b3bdf.exe

Resource

win7-20220901-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

e7f9cef9cd8d489a41dc42e290f0c36c434132bd8a46ea19a7fb52fd170b3bdf.exe

Resource

win10v2004-20220901-en

hawkeye microsoft collection keylogger persistence phishing spyware stealer trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  e7f9cef9cd8d489a41dc42e290f0c36c434132bd8a46ea19a7fb52fd170b3bdf
- Size
  
  1.1MB
- MD5
  
  2e0d25b2ad53984ffe2bbae5e57b6cf6
- SHA1
  
  b932fbfe860c861fc308a6a0b81671f5fc41c847
- SHA256
  
  e7f9cef9cd8d489a41dc42e290f0c36c434132bd8a46ea19a7fb52fd170b3bdf
- SHA512
  
  c3499911813484a67573d49c9a377093c7e7339dff81e38fcdb1ab90169b94e28fb4dbe7810db5b7babc4b754f2edfb6f001634cd638f9dfd9ebae073cc1983b
- SSDEEP
  
  24576:qccWPybOu+WMSxu8khASE6efjd4QbdnFjqWrWwh1+7l:qGwOupdKA6AjdX
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan microsoft phishing
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyemicrosoftcollectionkeyloggerpersistencephishingspywarestealertrojan

© 2018-2024

Terms | Privacy