hawkeye | a3ad6380bb7ca56ce6b0198ccbee6d4782510dbcbb31681ced66387496081a3e | Triage

Submit
Reports

Overview

overview

Static

static

a3ad6380bb...3e.exe

windows7-x64

a3ad6380bb...3e.exe

windows10-2004-x64

Sharing

General

Target

a3ad6380bb7ca56ce6b0198ccbee6d4782510dbcbb31681ced66387496081a3e
Size

550KB
Sample

221124-cngbvsah89
MD5

5a9fff2de2f9912b553c6d4d2eab3d66
SHA1

e43bd2c688b48db645d37a598eeccf9c7570b99e
SHA256

a3ad6380bb7ca56ce6b0198ccbee6d4782510dbcbb31681ced66387496081a3e
SHA512

9c99e8ecdd55738cb51d661e34f654d6e25293d92041da281327a3dd73b0c28b917e6fbed4164ab3f9195fd5e120f3be598f6395872db15fcb200a9c7897d7db
SSDEEP

12288:PBFZTK6hTEJmB5yC9TgIdwV1FqMd+f7eZX:PBFZu6h0mZpDK+f7e

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

a3ad6380bb7ca56ce6b0198ccbee6d4782510dbcbb31681ced66387496081a3e.exe

Resource

win7-20220812-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

a3ad6380bb7ca56ce6b0198ccbee6d4782510dbcbb31681ced66387496081a3e.exe

Resource

win10v2004-20220812-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  a3ad6380bb7ca56ce6b0198ccbee6d4782510dbcbb31681ced66387496081a3e
- Size
  
  550KB
- MD5
  
  5a9fff2de2f9912b553c6d4d2eab3d66
- SHA1
  
  e43bd2c688b48db645d37a598eeccf9c7570b99e
- SHA256
  
  a3ad6380bb7ca56ce6b0198ccbee6d4782510dbcbb31681ced66387496081a3e
- SHA512
  
  9c99e8ecdd55738cb51d661e34f654d6e25293d92041da281327a3dd73b0c28b917e6fbed4164ab3f9195fd5e120f3be598f6395872db15fcb200a9c7897d7db
- SSDEEP
  
  12288:PBFZTK6hTEJmB5yC9TgIdwV1FqMd+f7eZX:PBFZu6h0mZpDK+f7e
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Modifies WinLogon for persistence
  persistence
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy