hawkeye | 8dccb5c2336a22213ffac77d84277ca2e061e2395b008c0d3739878e6a22cb62 | Triage

Submit
Reports

Overview

overview

Static

static

8dccb5c233...62.exe

windows7-x64

8dccb5c233...62.exe

windows10-2004-x64

Sharing

General

Target

8dccb5c2336a22213ffac77d84277ca2e061e2395b008c0d3739878e6a22cb62
Size

502KB
Sample

221123-qznrzafc47
MD5

d05fe3b7a0fe2a6dccc9d212f7c744b3
SHA1

36be6ed26d476e44e3956404d95ba4ea27d1f066
SHA256

8dccb5c2336a22213ffac77d84277ca2e061e2395b008c0d3739878e6a22cb62
SHA512

3d32d56dc28e4b1f7363bdb0784a3ed54637e0ad0bf01eddfe4a169112b3278feec59e9badf37901afed6ae17ccf18749ae545958ff5a6cd2e33351d6d44b8b3
SSDEEP

6144:TCbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9rH6:GQtqB5urTIoYWBQk1E+VF9mOx9u

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

8dccb5c2336a22213ffac77d84277ca2e061e2395b008c0d3739878e6a22cb62.exe

Resource

win7-20221111-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8dccb5c2336a22213ffac77d84277ca2e061e2395b008c0d3739878e6a22cb62.exe

Resource

win10v2004-20221111-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  8dccb5c2336a22213ffac77d84277ca2e061e2395b008c0d3739878e6a22cb62
- Size
  
  502KB
- MD5
  
  d05fe3b7a0fe2a6dccc9d212f7c744b3
- SHA1
  
  36be6ed26d476e44e3956404d95ba4ea27d1f066
- SHA256
  
  8dccb5c2336a22213ffac77d84277ca2e061e2395b008c0d3739878e6a22cb62
- SHA512
  
  3d32d56dc28e4b1f7363bdb0784a3ed54637e0ad0bf01eddfe4a169112b3278feec59e9badf37901afed6ae17ccf18749ae545958ff5a6cd2e33351d6d44b8b3
- SSDEEP
  
  6144:TCbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9rH6:GQtqB5urTIoYWBQk1E+VF9mOx9u
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy