hawkeye | 8bbc573a3e24a5fb911e862638759a1dd1120b8cda5986ada98f92faac1a5f25 | Triage

Submit
Reports

Overview

overview

Static

static

8bbc573a3e...25.exe

windows7-x64

8bbc573a3e...25.exe

windows10-2004-x64

Sharing

General

Target

8bbc573a3e24a5fb911e862638759a1dd1120b8cda5986ada98f92faac1a5f25
Size

562KB
Sample

221127-jpqp9aed7z
MD5

898ef852ab68d02e36300b2e07e696fe
SHA1

564e18049c7962e6f9640ac30eebd9906651432d
SHA256

8bbc573a3e24a5fb911e862638759a1dd1120b8cda5986ada98f92faac1a5f25
SHA512

43d278784d2cbb7a0ce34e1b1023e2acc9da6d78cfa361fb126bd62edbb919b8e7a2e1a374a8631a9e16bd60d2fe91c38289cc05ebe0fa8e96dff0cb2f17bc89
SSDEEP

12288:4My9E1SnPKqz35dxs50H3yLs7C109Zoir1FkGsrsKfCEvHom+K/RHekSF5G2:4MUrX35dWmYmzuir1FGsMCvm7HG53

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

8bbc573a3e24a5fb911e862638759a1dd1120b8cda5986ada98f92faac1a5f25.exe

Resource

win7-20221111-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

8bbc573a3e24a5fb911e862638759a1dd1120b8cda5986ada98f92faac1a5f25.exe

Resource

win10v2004-20221111-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  8bbc573a3e24a5fb911e862638759a1dd1120b8cda5986ada98f92faac1a5f25
- Size
  
  562KB
- MD5
  
  898ef852ab68d02e36300b2e07e696fe
- SHA1
  
  564e18049c7962e6f9640ac30eebd9906651432d
- SHA256
  
  8bbc573a3e24a5fb911e862638759a1dd1120b8cda5986ada98f92faac1a5f25
- SHA512
  
  43d278784d2cbb7a0ce34e1b1023e2acc9da6d78cfa361fb126bd62edbb919b8e7a2e1a374a8631a9e16bd60d2fe91c38289cc05ebe0fa8e96dff0cb2f17bc89
- SSDEEP
  
  12288:4My9E1SnPKqz35dxs50H3yLs7C109Zoir1FkGsrsKfCEvHom+K/RHekSF5G2:4MUrX35dWmYmzuir1FGsMCvm7HG53
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy