hawkeye | 1716fcc758acb8523dc23fd6c36cd301dc302882066640d8ed278a533f1275bc | Triage

Submit
Reports

Overview

overview

Static

static

1716fcc758...bc.exe

windows7-x64

1716fcc758...bc.exe

windows10-2004-x64

Sharing

General

Target

1716fcc758acb8523dc23fd6c36cd301dc302882066640d8ed278a533f1275bc
Size

944KB
Sample

221126-qp9lpaff54
MD5

3d6ead1d7006c07233ec0f466904de8f
SHA1

50534257092dfd3c9740aa9163081f78aa292dca
SHA256

1716fcc758acb8523dc23fd6c36cd301dc302882066640d8ed278a533f1275bc
SHA512

5ee72fe1666511ca443ac34da936e06f5518ad401d6fd346909a39f3a2a3adc27b75c0137d789fcc9bec33a3bcd7c611070b8c3661d859c20cdfac5ef21c7625
SSDEEP

24576:gDp11AiYfzvnlQN7b+km7P3DcNR5lDJFYg:gF/A7LM7Ckm7P3AH5lDJO

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

1716fcc758acb8523dc23fd6c36cd301dc302882066640d8ed278a533f1275bc.exe

Resource

win7-20221111-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1716fcc758acb8523dc23fd6c36cd301dc302882066640d8ed278a533f1275bc.exe

Resource

win10v2004-20220812-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  1716fcc758acb8523dc23fd6c36cd301dc302882066640d8ed278a533f1275bc
- Size
  
  944KB
- MD5
  
  3d6ead1d7006c07233ec0f466904de8f
- SHA1
  
  50534257092dfd3c9740aa9163081f78aa292dca
- SHA256
  
  1716fcc758acb8523dc23fd6c36cd301dc302882066640d8ed278a533f1275bc
- SHA512
  
  5ee72fe1666511ca443ac34da936e06f5518ad401d6fd346909a39f3a2a3adc27b75c0137d789fcc9bec33a3bcd7c611070b8c3661d859c20cdfac5ef21c7625
- SSDEEP
  
  24576:gDp11AiYfzvnlQN7b+km7P3DcNR5lDJFYg:gF/A7LM7Ckm7P3AH5lDJO
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy