hawkeye | c019cd5d76e0954de518e73a8960ed1bdc4d917c90ac45a137d49e7347044de1 | Triage

Submit
Reports

Overview

overview

Static

static

c019cd5d76...e1.exe

windows7-x64

9

c019cd5d76...e1.exe

windows10-2004-x64

Sharing

General

Target

c019cd5d76e0954de518e73a8960ed1bdc4d917c90ac45a137d49e7347044de1
Size

997KB
Sample

221126-qz3wwsbd8x
MD5

cbff5c0aa4f33d3485c1c5a118daec7f
SHA1

7ec996900ccdf3eb06b33eea35e834861daecfbc
SHA256

c019cd5d76e0954de518e73a8960ed1bdc4d917c90ac45a137d49e7347044de1
SHA512

dfd279f65c097d022ba24cd27f6f6fdb8068170a35b2b72b8855aeaa46c5fcb4af7b1d0fe92c4630d35ab620364a5418c7131f0a84acec2833ae1d562d87508d
SSDEEP

24576:jqV/j/+lmGe4OdLgeH2UGO7+HPE9Ic5mMP3rp:jNWdLgeH2jS+HrS

Score

10^/10

hawkeye keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

c019cd5d76e0954de518e73a8960ed1bdc4d917c90ac45a137d49e7347044de1.exe

Resource

win7-20220901-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c019cd5d76e0954de518e73a8960ed1bdc4d917c90ac45a137d49e7347044de1.exe

Resource

win10v2004-20221111-en

hawkeye keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  c019cd5d76e0954de518e73a8960ed1bdc4d917c90ac45a137d49e7347044de1
- Size
  
  997KB
- MD5
  
  cbff5c0aa4f33d3485c1c5a118daec7f
- SHA1
  
  7ec996900ccdf3eb06b33eea35e834861daecfbc
- SHA256
  
  c019cd5d76e0954de518e73a8960ed1bdc4d917c90ac45a137d49e7347044de1
- SHA512
  
  dfd279f65c097d022ba24cd27f6f6fdb8068170a35b2b72b8855aeaa46c5fcb4af7b1d0fe92c4630d35ab620364a5418c7131f0a84acec2833ae1d562d87508d
- SSDEEP
  
  24576:jqV/j/+lmGe4OdLgeH2UGO7+HPE9Ic5mMP3rp:jNWdLgeH2jS+HrS
Score

10^/10

hawkeye keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

hawkeyekeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy