Overview

overview

10

Static

static

964d769aaa...af.exe

windows7-x64

10

964d769aaa...af.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    964d769aaadbf1afe39f0fecf2bae74d70b3e8a2a5f4133772c355004a6632af

  • Size

    452KB

  • Sample

    221127-qwn9bsfa9y

  • MD5

    0b29df4a6aadb1170edb26bac1e2590e

  • SHA1

    2f052104fe348c27e9a8e5c29129e99dd692bbaa

  • SHA256

    964d769aaadbf1afe39f0fecf2bae74d70b3e8a2a5f4133772c355004a6632af

  • SHA512

    f38b0a76da77693cc7050cdeb63981d1d7f2499262d713d44c005461708092f8ead15a4556412a366ddd94673d17a7181eb24a327e7ae8853928cf87b632ce5e

  • SSDEEP

    6144:R57UOMFZc64/9EjRmOejGwbg+NM1ocKYPJ0Nbk/eXZ+Xe7jQRSMm6eMvzP4aK:RRUO4FSjOAbvCzlPJ0NY/emewk6e

Score
10/10
hawkeyecollectionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      964d769aaadbf1afe39f0fecf2bae74d70b3e8a2a5f4133772c355004a6632af

    • Size

      452KB

    • MD5

      0b29df4a6aadb1170edb26bac1e2590e

    • SHA1

      2f052104fe348c27e9a8e5c29129e99dd692bbaa

    • SHA256

      964d769aaadbf1afe39f0fecf2bae74d70b3e8a2a5f4133772c355004a6632af

    • SHA512

      f38b0a76da77693cc7050cdeb63981d1d7f2499262d713d44c005461708092f8ead15a4556412a366ddd94673d17a7181eb24a327e7ae8853928cf87b632ce5e

    • SSDEEP

      6144:R57UOMFZc64/9EjRmOejGwbg+NM1ocKYPJ0Nbk/eXZ+Xe7jQRSMm6eMvzP4aK:RRUO4FSjOAbvCzlPJ0NY/emewk6e

    Score
    10/10
    hawkeyecollectionkeyloggerspywarestealertrojan

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

      keyloggertrojanstealerspywarehawkeye

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks