hawkeye | fbc180d50a614aef896f0808f1a840997d108ba7d08a8ef24df7d67da7875449 | Triage

Submit
Reports

Overview

overview

Static

static

fbc180d50a...49.exe

windows7-x64

fbc180d50a...49.exe

windows10-2004-x64

Sharing

General

Target

fbc180d50a614aef896f0808f1a840997d108ba7d08a8ef24df7d67da7875449
Size

456KB
Sample

221127-rd5zsscf85
MD5

60a530875273e57da23228d1b79462f0
SHA1

61efdbbf45cbfb807ba027d83df52d320d845645
SHA256

fbc180d50a614aef896f0808f1a840997d108ba7d08a8ef24df7d67da7875449
SHA512

198fed455daaa7d18373b1c7d8863a7614d6e54722e5371f78fa6c88371e7d33f34d05d1f7837b48d67ae167c651f473916a578c7b68c5a7a4278821ad9d0a9a
SSDEEP

12288:qLad6V2iV2JPbiewHFNXHKt9R5hSdCc8ULh4s4zjag/E:Cad6V2iV2JPJwfHKtD5h3EB43F/E

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

fbc180d50a614aef896f0808f1a840997d108ba7d08a8ef24df7d67da7875449.exe

Resource

win7-20220901-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

fbc180d50a614aef896f0808f1a840997d108ba7d08a8ef24df7d67da7875449.exe

Resource

win10v2004-20220901-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  fbc180d50a614aef896f0808f1a840997d108ba7d08a8ef24df7d67da7875449
- Size
  
  456KB
- MD5
  
  60a530875273e57da23228d1b79462f0
- SHA1
  
  61efdbbf45cbfb807ba027d83df52d320d845645
- SHA256
  
  fbc180d50a614aef896f0808f1a840997d108ba7d08a8ef24df7d67da7875449
- SHA512
  
  198fed455daaa7d18373b1c7d8863a7614d6e54722e5371f78fa6c88371e7d33f34d05d1f7837b48d67ae167c651f473916a578c7b68c5a7a4278821ad9d0a9a
- SSDEEP
  
  12288:qLad6V2iV2JPbiewHFNXHKt9R5hSdCc8ULh4s4zjag/E:Cad6V2iV2JPJwfHKtD5h3EB43F/E
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy