hawkeye | aff0173fc99de7cd90b51eb7432de3888adff3bc46d103a6964dfb48659ad6aa | Triage

Submit
Reports

Overview

overview

Static

static

aff0173fc9...aa.exe

windows7-x64

aff0173fc9...aa.exe

windows10-2004-x64

Sharing

General

Target

aff0173fc99de7cd90b51eb7432de3888adff3bc46d103a6964dfb48659ad6aa
Size

543KB
Sample

221127-fpsytseh9s
MD5

220aa8c39fda5bdfee9ece220ec14928
SHA1

50d5af08afe233857d18ba89342795c54231fd16
SHA256

aff0173fc99de7cd90b51eb7432de3888adff3bc46d103a6964dfb48659ad6aa
SHA512

04f5cb152352ea93269b0c8184cb7c60a7259a8e5ba463e3ec1473a3c1481fba5888f048b1ecd6656a88efbdf07f630b0cd15ba72c9d46a0dc1298eb0ea97396
SSDEEP

12288:eJsUw0L5ZLzvBa51lO5aSrhHvI3/GzlmZJiPY7z6v68cEl3pnau:zE3bB41VSrhPG6lmeDv6fERwu

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

aff0173fc99de7cd90b51eb7432de3888adff3bc46d103a6964dfb48659ad6aa.exe

Resource

win7-20221111-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

aff0173fc99de7cd90b51eb7432de3888adff3bc46d103a6964dfb48659ad6aa.exe

Resource

win10v2004-20221111-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
houseofexlies@gmail.com
Password:
yozzgikoyinpewpd

Targets

- Target
  
  aff0173fc99de7cd90b51eb7432de3888adff3bc46d103a6964dfb48659ad6aa
- Size
  
  543KB
- MD5
  
  220aa8c39fda5bdfee9ece220ec14928
- SHA1
  
  50d5af08afe233857d18ba89342795c54231fd16
- SHA256
  
  aff0173fc99de7cd90b51eb7432de3888adff3bc46d103a6964dfb48659ad6aa
- SHA512
  
  04f5cb152352ea93269b0c8184cb7c60a7259a8e5ba463e3ec1473a3c1481fba5888f048b1ecd6656a88efbdf07f630b0cd15ba72c9d46a0dc1298eb0ea97396
- SSDEEP
  
  12288:eJsUw0L5ZLzvBa51lO5aSrhHvI3/GzlmZJiPY7z6v68cEl3pnau:zE3bB41VSrhPG6lmeDv6fERwu
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Modifies WinLogon for persistence
  persistence
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy