hawkeye | af0bb975d183df9888e786141eeb29d3bebb2bb34da2b6324605faae1da767eb | Triage

Submit
Reports

Overview

overview

Static

static

5

af0bb975d1...eb.exe

windows7-x64

af0bb975d1...eb.exe

windows10-2004-x64

Sharing

General

Target

af0bb975d183df9888e786141eeb29d3bebb2bb34da2b6324605faae1da767eb
Size

2.1MB
Sample

221126-nyrq5aef6x
MD5

a403cc83cd027279a658cc0ae6db995f
SHA1

68bed9cbfa0f622bf43d5e3e69a16a54fc1439d4
SHA256

af0bb975d183df9888e786141eeb29d3bebb2bb34da2b6324605faae1da767eb
SHA512

b4951cd5789dbe9dd6f66ed975b3c41864430460b58285560a5284307db2432ab01d56816519f700ec9cafe01496764522199fb680ba0d91c0c989ba95e7a0bc
SSDEEP

49152:ckwkn9IMHeaOEZvUDZ7+Ml4O7106OpeDJtDSX01v3M/wGC1nAaPCS:XdnVrUDYMl4O710xAxv3CwGCdPC

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

af0bb975d183df9888e786141eeb29d3bebb2bb34da2b6324605faae1da767eb.exe

Resource

win7-20220812-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

af0bb975d183df9888e786141eeb29d3bebb2bb34da2b6324605faae1da767eb.exe

Resource

win10v2004-20221111-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  af0bb975d183df9888e786141eeb29d3bebb2bb34da2b6324605faae1da767eb
- Size
  
  2.1MB
- MD5
  
  a403cc83cd027279a658cc0ae6db995f
- SHA1
  
  68bed9cbfa0f622bf43d5e3e69a16a54fc1439d4
- SHA256
  
  af0bb975d183df9888e786141eeb29d3bebb2bb34da2b6324605faae1da767eb
- SHA512
  
  b4951cd5789dbe9dd6f66ed975b3c41864430460b58285560a5284307db2432ab01d56816519f700ec9cafe01496764522199fb680ba0d91c0c989ba95e7a0bc
- SSDEEP
  
  49152:ckwkn9IMHeaOEZvUDZ7+Ml4O7106OpeDJtDSX01v3M/wGC1nAaPCS:XdnVrUDYMl4O710xAxv3CwGCdPC
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy