General

  • Target

    7f7af2a04e3a448078a458559a757f1460481e7548c8f63361cb28e50373fd9f

  • Size

    664KB

  • Sample

    221125-vkeb7sbg95

  • MD5

    5919a7ccf6d76ed841dce48369da540a

  • SHA1

    4fc953413eb0783afe3bec31b1b24a3c4b422ef6

  • SHA256

    7f7af2a04e3a448078a458559a757f1460481e7548c8f63361cb28e50373fd9f

  • SHA512

    0a982e5382fdfd05f9251a213d847f695583940cad2ecafc4b88e11f10d08a31f1000ac249fb5ea585cf426fa87fc3815f735faff297bc6987027dfce483a9cf

  • SSDEEP

    12288:kIwGukpCZ3yn7ltW0HJtKDL7p6TUCVftOtDcZ6evtlsEOFPNnoGH7:r70cW0HJtK7p6TtO9cZ6ebhcP

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.mail.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    steve12345

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution
    Scripting (1 signature): T1064
  • Defense Evasion
    Scripting (1 signature): T1064
  • Collection
    Email Collection (1 signature): T1114

Tasks