hawkeye | 6ff79e8a162ef93ec20b00a5886f515906ea0df11e1cc9b0da3af1835d0a2554 | Triage

Submit
Reports

Overview

overview

Static

static

6ff79e8a16...54.exe

windows7-x64

6ff79e8a16...54.exe

windows10-2004-x64

Sharing

General

Target

6ff79e8a162ef93ec20b00a5886f515906ea0df11e1cc9b0da3af1835d0a2554
Size

678KB
Sample

221125-jjljcafb2z
MD5

c396c2b9a9274d0ba86dab15f7d7705d
SHA1

d4bf29af161afdcbdf02ec0ebaa684165b6cc391
SHA256

6ff79e8a162ef93ec20b00a5886f515906ea0df11e1cc9b0da3af1835d0a2554
SHA512

011f02dbad51461c000e8204c1060002f16cb04c7b559d0e829723084f52cfc4506093f4a55bd9f46b9c8dfeb3524369296caf17c83fc8337710c8337a77000c
SSDEEP

12288:3Qon3SGBNs7NqLwCiBWE4vSzdgBUiDiXaQ9QY1pCicF1/4RvSHorqjHU:gz1uDhUi2qUXKic/6vO9H

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

6ff79e8a162ef93ec20b00a5886f515906ea0df11e1cc9b0da3af1835d0a2554.exe

Resource

win7-20220901-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

6ff79e8a162ef93ec20b00a5886f515906ea0df11e1cc9b0da3af1835d0a2554.exe

Resource

win10v2004-20220901-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  6ff79e8a162ef93ec20b00a5886f515906ea0df11e1cc9b0da3af1835d0a2554
- Size
  
  678KB
- MD5
  
  c396c2b9a9274d0ba86dab15f7d7705d
- SHA1
  
  d4bf29af161afdcbdf02ec0ebaa684165b6cc391
- SHA256
  
  6ff79e8a162ef93ec20b00a5886f515906ea0df11e1cc9b0da3af1835d0a2554
- SHA512
  
  011f02dbad51461c000e8204c1060002f16cb04c7b559d0e829723084f52cfc4506093f4a55bd9f46b9c8dfeb3524369296caf17c83fc8337710c8337a77000c
- SSDEEP
  
  12288:3Qon3SGBNs7NqLwCiBWE4vSzdgBUiDiXaQ9QY1pCicF1/4RvSHorqjHU:gz1uDhUi2qUXKic/6vO9H
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy