hawkeye | f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2 | Triage

Submit
Reports

Overview

overview

Static

static

f901fad33d...c2.exe

windows7-x64

f901fad33d...c2.exe

windows10-2004-x64

Sharing

General

Target

f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2
Size

1.3MB
Sample

221127-rwycnsdh92
MD5

41f2a423f4fb9d6eb43a39f4d20afcbf
SHA1

c1da163b26af40d5c51350f593273af25d8aa091
SHA256

f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2
SHA512

aaf8013b0601e6d181c45be8f8f6638e4f7797f8154a115b8dd9ffb571a48295c3daf5be85f41086161472b2e13986fcd9895f3ce3733a3b3493e7fe8ff5ea14
SSDEEP

24576:poJL/y54Kf1pWfrLshb3EbEZ1YqIE+LbYi:m/b6pELsDEbs1JCLv

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2.exe

Resource

win7-20221111-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2.exe

Resource

win10v2004-20221111-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
Mojisolanifemi123#

Targets

- Target
  
  f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2
- Size
  
  1.3MB
- MD5
  
  41f2a423f4fb9d6eb43a39f4d20afcbf
- SHA1
  
  c1da163b26af40d5c51350f593273af25d8aa091
- SHA256
  
  f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2
- SHA512
  
  aaf8013b0601e6d181c45be8f8f6638e4f7797f8154a115b8dd9ffb571a48295c3daf5be85f41086161472b2e13986fcd9895f3ce3733a3b3493e7fe8ff5ea14
- SSDEEP
  
  24576:poJL/y54Kf1pWfrLshb3EbEZ1YqIE+LbYi:m/b6pELsDEbs1JCLv
Score

10^/10

persistence hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Modifies WinLogon for persistence
  persistence
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy