hawkeye | 49618f65d2b6e8ce65bf197dcaaf5cdd0a0fd3244ff395daa0b372ab2e2d7437 | Triage

Submit
Reports

Overview

overview

Static

static

49618f65d2...37.exe

windows7-x64

9

49618f65d2...37.exe

windows10-2004-x64

Sharing

General

Target

49618f65d2b6e8ce65bf197dcaaf5cdd0a0fd3244ff395daa0b372ab2e2d7437
Size

456KB
Sample

221127-pye8rscf7y
MD5

33865ce1bb2def0bae6e25875c27194c
SHA1

7aebab76b6699a0217522be62202c60dc57c5887
SHA256

49618f65d2b6e8ce65bf197dcaaf5cdd0a0fd3244ff395daa0b372ab2e2d7437
SHA512

2da4e9392afd62e5193f5633bb6576e4748f5b8b27d4d7eb8f185877d951d1972a16126b4c18b8bb8446e6135a07839961c93f61f036dfa6d40d5a990e570764
SSDEEP

12288:+7yDod16Vgxsv4QxPmOPtV2Wjj+3NJhawi44k:ng5QQatV2k69JhSy

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

49618f65d2b6e8ce65bf197dcaaf5cdd0a0fd3244ff395daa0b372ab2e2d7437.exe

Resource

win7-20221111-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

49618f65d2b6e8ce65bf197dcaaf5cdd0a0fd3244ff395daa0b372ab2e2d7437.exe

Resource

win10v2004-20221111-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  49618f65d2b6e8ce65bf197dcaaf5cdd0a0fd3244ff395daa0b372ab2e2d7437
- Size
  
  456KB
- MD5
  
  33865ce1bb2def0bae6e25875c27194c
- SHA1
  
  7aebab76b6699a0217522be62202c60dc57c5887
- SHA256
  
  49618f65d2b6e8ce65bf197dcaaf5cdd0a0fd3244ff395daa0b372ab2e2d7437
- SHA512
  
  2da4e9392afd62e5193f5633bb6576e4748f5b8b27d4d7eb8f185877d951d1972a16126b4c18b8bb8446e6135a07839961c93f61f036dfa6d40d5a990e570764
- SSDEEP
  
  12288:+7yDod16Vgxsv4QxPmOPtV2Wjj+3NJhawi44k:ng5QQatV2k69JhSy
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy