hawkeye | bf0182ff20cf0172a53c4935e2998cefc7bbe3e2ed367d8863c4051b63214493 | Triage

Submit
Reports

Overview

overview

Static

static

bf0182ff20...93.exe

windows7-x64

bf0182ff20...93.exe

windows10-2004-x64

Sharing

General

Target

bf0182ff20cf0172a53c4935e2998cefc7bbe3e2ed367d8863c4051b63214493
Size

653KB
Sample

221125-vw2a4scd27
MD5

c765709954de589501952d9c5b2dcf37
SHA1

ee8224513cca860bb63f4238811b8e31fa7a3ccb
SHA256

bf0182ff20cf0172a53c4935e2998cefc7bbe3e2ed367d8863c4051b63214493
SHA512

4a8b65ec4464848031055bf83b5098a7a5f61ccb0dab1ee7f59bc21d13d57ff7eae04e3c81afc5b01a7ea38d1fbc56f5fa11b63d7c933fc0896a1d6de0641ba7
SSDEEP

12288:vJDGvAfVK0Y3WqT+SyoBBUU8SuZHX5wfIHn5UrhJZtimjWQ0NWJ7Zgr96:vwkK0Y3WqTnMdJwQHYyQ0NC7ZgrI

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

bf0182ff20cf0172a53c4935e2998cefc7bbe3e2ed367d8863c4051b63214493.exe

Resource

win7-20220901-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

bf0182ff20cf0172a53c4935e2998cefc7bbe3e2ed367d8863c4051b63214493.exe

Resource

win10v2004-20221111-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  bf0182ff20cf0172a53c4935e2998cefc7bbe3e2ed367d8863c4051b63214493
- Size
  
  653KB
- MD5
  
  c765709954de589501952d9c5b2dcf37
- SHA1
  
  ee8224513cca860bb63f4238811b8e31fa7a3ccb
- SHA256
  
  bf0182ff20cf0172a53c4935e2998cefc7bbe3e2ed367d8863c4051b63214493
- SHA512
  
  4a8b65ec4464848031055bf83b5098a7a5f61ccb0dab1ee7f59bc21d13d57ff7eae04e3c81afc5b01a7ea38d1fbc56f5fa11b63d7c933fc0896a1d6de0641ba7
- SSDEEP
  
  12288:vJDGvAfVK0Y3WqT+SyoBBUU8SuZHX5wfIHn5UrhJZtimjWQ0NWJ7Zgr96:vwkK0Y3WqTnMdJwQHYyQ0NC7ZgrI
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy