hawkeye | 97f3bba0af518302b6aebef50d4006e8a13bc172103c543ff6b801be4cefcf17 | Triage

Submit
Reports

Overview

overview

Static

static

97f3bba0af...17.exe

windows7-x64

97f3bba0af...17.exe

windows10-2004-x64

Sharing

General

Target

97f3bba0af518302b6aebef50d4006e8a13bc172103c543ff6b801be4cefcf17
Size

445KB
Sample

221125-phgrnaga64
MD5

660d0e54b6ba5a5ea3a6de8180f319ad
SHA1

0051f49583abd91919ee46cd91377483d51ee7d3
SHA256

97f3bba0af518302b6aebef50d4006e8a13bc172103c543ff6b801be4cefcf17
SHA512

ccc61ad3a55f41f7b4c3f54bb84d243bbcab71a082f109ffbf234c37a84a63d16632ea1f86cc101554d3199d3e5334dff980207eb3190ebd496f3d52b1908e1a
SSDEEP

12288:h/vZwod3VzlRuM3umMwIWrBZgAax/Y5lZ:h/Ood9lU8vIWlchYLZ

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

97f3bba0af518302b6aebef50d4006e8a13bc172103c543ff6b801be4cefcf17.exe

Resource

win7-20221111-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

97f3bba0af518302b6aebef50d4006e8a13bc172103c543ff6b801be4cefcf17.exe

Resource

win10v2004-20221111-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  97f3bba0af518302b6aebef50d4006e8a13bc172103c543ff6b801be4cefcf17
- Size
  
  445KB
- MD5
  
  660d0e54b6ba5a5ea3a6de8180f319ad
- SHA1
  
  0051f49583abd91919ee46cd91377483d51ee7d3
- SHA256
  
  97f3bba0af518302b6aebef50d4006e8a13bc172103c543ff6b801be4cefcf17
- SHA512
  
  ccc61ad3a55f41f7b4c3f54bb84d243bbcab71a082f109ffbf234c37a84a63d16632ea1f86cc101554d3199d3e5334dff980207eb3190ebd496f3d52b1908e1a
- SSDEEP
  
  12288:h/vZwod3VzlRuM3umMwIWrBZgAax/Y5lZ:h/Ood9lU8vIWlchYLZ
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy