hawkeye | bfb4514fb11f4578e39904b9de1f6e4f36fc909eb109f7501f3cfe49dd573fc2 | Triage

Sharing

General

Target

bfb4514fb11f4578e39904b9de1f6e4f36fc909eb109f7501f3cfe49dd573fc2
Size

1013KB
Sample

221127-xd4dvsec3s
MD5

906f41885d365f221146201982485cb8
SHA1

6f786bda59777f06c17f34c39141079590662093
SHA256

bfb4514fb11f4578e39904b9de1f6e4f36fc909eb109f7501f3cfe49dd573fc2
SHA512

20302e0de878de2dac17781f21e52bc5f740a7be6d5a5f58e353e891464532f01e6b42d0f623125ac106b75c1053d1f0bf3583621ccdf75a80e5dd9fe2c41f44
SSDEEP

24576:0Jf42h1cqDhythNsH9KDCk028BWmAZutF15MxMXR:o4NWhqU0v8BW9sFzQM

Score

10^/10

hawkeye keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
pioneermarinbd@gmail.com
Password:
tacxszcnntqbktph

Targets

- Target
  
  bfb4514fb11f4578e39904b9de1f6e4f36fc909eb109f7501f3cfe49dd573fc2
- Size
  
  1013KB
- MD5
  
  906f41885d365f221146201982485cb8
- SHA1
  
  6f786bda59777f06c17f34c39141079590662093
- SHA256
  
  bfb4514fb11f4578e39904b9de1f6e4f36fc909eb109f7501f3cfe49dd573fc2
- SHA512
  
  20302e0de878de2dac17781f21e52bc5f740a7be6d5a5f58e353e891464532f01e6b42d0f623125ac106b75c1053d1f0bf3583621ccdf75a80e5dd9fe2c41f44
- SSDEEP
  
  24576:0Jf42h1cqDhythNsH9KDCk028BWmAZutF15MxMXR:o4NWhqU0v8BW9sFzQM
Score

10^/10

hawkeye keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerpersistencespywarestealertrojan

behavioral2