hawkeye | 7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859 | Triage

Submit
Reports

Overview

overview

Static

static

7bfc0bfc9d...59.exe

windows7-x64

7bfc0bfc9d...59.exe

windows10-2004-x64

Sharing

General

Target

7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859
Size

516KB
Sample

221125-tcsn7acg3z
MD5

27535665725b1b63c8278c9351282081
SHA1

d3b39aae440180e958e46d6f6b608564a400ecf0
SHA256

7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859
SHA512

b61642e82dde8a7d1693727337d9b664a26f0e9d8ea8f3d114e91fd1e54c79c1c67189b0814510b3f7060cd4370b304132fa11f4104adf5fb966d9cd299a9bde
SSDEEP

12288:7+gkMv2OHfbs3Qyu0UTLNhiUGuecoknF4Yp13+uOW3p8FKA5:7+Hc2OwMLNhGyomOYX+4mT

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859.exe

Resource

win7-20220812-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859.exe

Resource

win10v2004-20220901-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
sasuke2013

Targets

- Target
  
  7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859
- Size
  
  516KB
- MD5
  
  27535665725b1b63c8278c9351282081
- SHA1
  
  d3b39aae440180e958e46d6f6b608564a400ecf0
- SHA256
  
  7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859
- SHA512
  
  b61642e82dde8a7d1693727337d9b664a26f0e9d8ea8f3d114e91fd1e54c79c1c67189b0814510b3f7060cd4370b304132fa11f4104adf5fb966d9cd299a9bde
- SSDEEP
  
  12288:7+gkMv2OHfbs3Qyu0UTLNhiUGuecoknF4Yp13+uOW3p8FKA5:7+Hc2OwMLNhGyomOYX+4mT
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Modifies WinLogon for persistence
  persistence
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy