hawkeye | 2710e3dfd3bd476b5eb9138e619daf20a0c3f4a4b509349cc2edfc6c5138d683 | Triage

Submit
Reports

Overview

overview

Static

static

2710e3dfd3...83.exe

windows7-x64

2710e3dfd3...83.exe

windows10-2004-x64

Sharing

General

Target

2710e3dfd3bd476b5eb9138e619daf20a0c3f4a4b509349cc2edfc6c5138d683
Size

537KB
Sample

221125-j28ftsch97
MD5

bda741621d2e2e2a08c9f1175592ea8a
SHA1

e5cb8cdf41a6fa09fbba66064f77088f4b1b545e
SHA256

2710e3dfd3bd476b5eb9138e619daf20a0c3f4a4b509349cc2edfc6c5138d683
SHA512

3194a377d3b14f92c86946712a49d53aade57556868d9205e62d624634509a8e8794ea60d98b95b73f26fad14bd65366743a2d59ad870c4849ad16b21331ad65
SSDEEP

6144:WcjbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx91WkMGR:WcjQtqB5urTIoYWBQk1E+VF9mOx91W

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2710e3dfd3bd476b5eb9138e619daf20a0c3f4a4b509349cc2edfc6c5138d683.exe

Resource

win7-20220812-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

2710e3dfd3bd476b5eb9138e619daf20a0c3f4a4b509349cc2edfc6c5138d683.exe

Resource

win10v2004-20220812-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
wordpass12345

Targets

- Target
  
  2710e3dfd3bd476b5eb9138e619daf20a0c3f4a4b509349cc2edfc6c5138d683
- Size
  
  537KB
- MD5
  
  bda741621d2e2e2a08c9f1175592ea8a
- SHA1
  
  e5cb8cdf41a6fa09fbba66064f77088f4b1b545e
- SHA256
  
  2710e3dfd3bd476b5eb9138e619daf20a0c3f4a4b509349cc2edfc6c5138d683
- SHA512
  
  3194a377d3b14f92c86946712a49d53aade57556868d9205e62d624634509a8e8794ea60d98b95b73f26fad14bd65366743a2d59ad870c4849ad16b21331ad65
- SSDEEP
  
  6144:WcjbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx91WkMGR:WcjQtqB5urTIoYWBQk1E+VF9mOx91W
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy