hawkeye

General

Target

8c68528327f35ac8786011785f9903a610b7b9f031d3087067fca490d1abdb39
Size

564KB
Sample

221127-p1lhkach2v
MD5

a8dda1192aaac2da127a99b1e3600f25
SHA1

6e34212ef48f09ff0db836aab80c353f32feb9b4
SHA256

8c68528327f35ac8786011785f9903a610b7b9f031d3087067fca490d1abdb39
SHA512

a2b20a46530b936dee7b6ff212f6025d2b56e48cc98ac46e31a655697ff9c45795b6556cb12cc0d6bf91d3623d1a6e76617b4d09c13c9c5da9305e0142e50d38
SSDEEP

12288:qSuqIz05wqquggrepn7rNezSOesRS6BRJvbd:qNz07CRrKSAbPb

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
Waynerossi

Targets

- Target
  
  8c68528327f35ac8786011785f9903a610b7b9f031d3087067fca490d1abdb39
- Size
  
  564KB
- MD5
  
  a8dda1192aaac2da127a99b1e3600f25
- SHA1
  
  6e34212ef48f09ff0db836aab80c353f32feb9b4
- SHA256
  
  8c68528327f35ac8786011785f9903a610b7b9f031d3087067fca490d1abdb39
- SHA512
  
  a2b20a46530b936dee7b6ff212f6025d2b56e48cc98ac46e31a655697ff9c45795b6556cb12cc0d6bf91d3623d1a6e76617b4d09c13c9c5da9305e0142e50d38
- SSDEEP
  
  12288:qSuqIz05wqquggrepn7rNezSOesRS6BRJvbd:qNz07CRrKSAbPb
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

NirSoft MailPassView

NirSoft WebBrowserPassView

Nirsoft

Drops startup file

Loads dropped DLL

Uses the VBS compiler for execution

Accesses Microsoft Outlook accounts

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2