hawkeye | 272736423d611ae090e946a4b9f0dd7b0122be7a32765ef24b315eb9b6d6d5c8 | Triage

Submit
Reports

Overview

overview

Static

static

272736423d...c8.exe

windows7-x64

272736423d...c8.exe

windows10-2004-x64

Sharing

General

Target

272736423d611ae090e946a4b9f0dd7b0122be7a32765ef24b315eb9b6d6d5c8
Size

944KB
Sample

221126-qp8z6aaf8v
MD5

7d09a13aadbf2136d702e954e0e19825
SHA1

f9fda392b1e025092b6f1399727e9f9f044adc6f
SHA256

272736423d611ae090e946a4b9f0dd7b0122be7a32765ef24b315eb9b6d6d5c8
SHA512

823114d849f886dd5f233f8831694cf0e47d50318e6023c0f3a34a79645eb2a603dce0c810a5afa55067da69b0e75783512937c340333ae223b24e57a24660ac
SSDEEP

12288:YluWfMSB0ml1ruEdVDsebbpCujElQnpPz78xQwLXZrcbO6nTWZSFb:nQMRQ1ruuVw68OOe6i

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

272736423d611ae090e946a4b9f0dd7b0122be7a32765ef24b315eb9b6d6d5c8.exe

Resource

win7-20221111-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

272736423d611ae090e946a4b9f0dd7b0122be7a32765ef24b315eb9b6d6d5c8.exe

Resource

win10v2004-20221111-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  272736423d611ae090e946a4b9f0dd7b0122be7a32765ef24b315eb9b6d6d5c8
- Size
  
  944KB
- MD5
  
  7d09a13aadbf2136d702e954e0e19825
- SHA1
  
  f9fda392b1e025092b6f1399727e9f9f044adc6f
- SHA256
  
  272736423d611ae090e946a4b9f0dd7b0122be7a32765ef24b315eb9b6d6d5c8
- SHA512
  
  823114d849f886dd5f233f8831694cf0e47d50318e6023c0f3a34a79645eb2a603dce0c810a5afa55067da69b0e75783512937c340333ae223b24e57a24660ac
- SSDEEP
  
  12288:YluWfMSB0ml1ruEdVDsebbpCujElQnpPz78xQwLXZrcbO6nTWZSFb:nQMRQ1ruuVw68OOe6i
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy