hawkeye | c1a54e5acfa42f09763d0d9aab8f10882ed660c8451be11c4bfb3bf33963f8e5 | Triage

Submit
Reports

Overview

overview

Static

static

c1a54e5acf...e5.exe

windows7-x64

c1a54e5acf...e5.exe

windows10-2004-x64

Sharing

General

Target

c1a54e5acfa42f09763d0d9aab8f10882ed660c8451be11c4bfb3bf33963f8e5
Size

944KB
Sample

221126-w15prshb5t
MD5

e2f5479a58ca015e1673f19f70788eb3
SHA1

fb810a12599925a8477fb42ba670c759d89d1e32
SHA256

c1a54e5acfa42f09763d0d9aab8f10882ed660c8451be11c4bfb3bf33963f8e5
SHA512

4c53fcb4e3af1d286cb6a567745f2a8116b9a91ae088cf1dad4e0ed60d39f966fa2d420310f34930375715a159fbdbfefa15d453f51042a3b13138b3e2914819
SSDEEP

24576:Ofeyxuu0OMZOrN+x1JjrY12EQbJNWGWHKu7naezlavxD:OfeY0OocHQmKyaj

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

c1a54e5acfa42f09763d0d9aab8f10882ed660c8451be11c4bfb3bf33963f8e5.exe

Resource

win7-20221111-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

c1a54e5acfa42f09763d0d9aab8f10882ed660c8451be11c4bfb3bf33963f8e5.exe

Resource

win10v2004-20220901-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  c1a54e5acfa42f09763d0d9aab8f10882ed660c8451be11c4bfb3bf33963f8e5
- Size
  
  944KB
- MD5
  
  e2f5479a58ca015e1673f19f70788eb3
- SHA1
  
  fb810a12599925a8477fb42ba670c759d89d1e32
- SHA256
  
  c1a54e5acfa42f09763d0d9aab8f10882ed660c8451be11c4bfb3bf33963f8e5
- SHA512
  
  4c53fcb4e3af1d286cb6a567745f2a8116b9a91ae088cf1dad4e0ed60d39f966fa2d420310f34930375715a159fbdbfefa15d453f51042a3b13138b3e2914819
- SSDEEP
  
  24576:Ofeyxuu0OMZOrN+x1JjrY12EQbJNWGWHKu7naezlavxD:OfeY0OocHQmKyaj
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy