hawkeye | cbab412d11a02618573c38c89c0d651450800e210599620d7d26f7c30210415c | Triage

Submit
Reports

Overview

overview

Static

static

cbab412d11...5c.exe

windows7-x64

cbab412d11...5c.exe

windows10-2004-x64

Sharing

General

Target

cbab412d11a02618573c38c89c0d651450800e210599620d7d26f7c30210415c
Size

420KB
Sample

221123-ad25gahc5y
MD5

241fce54b2ba9860c80dc4d71770c252
SHA1

f530737a14de53d538057e307f9b3cd53dde3e83
SHA256

cbab412d11a02618573c38c89c0d651450800e210599620d7d26f7c30210415c
SHA512

21a4cd7fe2450421519a11f94e03b039c0abcb3626528d548f0a977fbcdd11a25a7a45c7d356729a12395282714ea289e24528157a7b5027b88fd2466830dbcc
SSDEEP

6144:efeyDOoDF8bnB+JVYCdcYvcA1k1Zde9XsDo4w0cEKbLFaEjflZJlfP+FPIvR:hJoZ4AAA8A1kdeFsDo48TLFa8/bn+Fe

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

cbab412d11a02618573c38c89c0d651450800e210599620d7d26f7c30210415c.exe

Resource

win7-20221111-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

cbab412d11a02618573c38c89c0d651450800e210599620d7d26f7c30210415c.exe

Resource

win10v2004-20221111-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  cbab412d11a02618573c38c89c0d651450800e210599620d7d26f7c30210415c
- Size
  
  420KB
- MD5
  
  241fce54b2ba9860c80dc4d71770c252
- SHA1
  
  f530737a14de53d538057e307f9b3cd53dde3e83
- SHA256
  
  cbab412d11a02618573c38c89c0d651450800e210599620d7d26f7c30210415c
- SHA512
  
  21a4cd7fe2450421519a11f94e03b039c0abcb3626528d548f0a977fbcdd11a25a7a45c7d356729a12395282714ea289e24528157a7b5027b88fd2466830dbcc
- SSDEEP
  
  6144:efeyDOoDF8bnB+JVYCdcYvcA1k1Zde9XsDo4w0cEKbLFaEjflZJlfP+FPIvR:hJoZ4AAA8A1kdeFsDo48TLFa8/bn+Fe
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy