hawkeye | 0b08e10aaf12db55e6c5b4b3bc52bf11bb8005e3259fa8bdafafea0b01cc16f7 | Triage

Submit
Reports

Overview

overview

Static

static

0b08e10aaf...f7.exe

windows7-x64

0b08e10aaf...f7.exe

windows10-2004-x64

Sharing

General

Target

0b08e10aaf12db55e6c5b4b3bc52bf11bb8005e3259fa8bdafafea0b01cc16f7
Size

603KB
Sample

221128-m3z3madd4v
MD5

e8e0e1fca38cae6c9e7c6ab198348edd
SHA1

085d8569669e3c6cbb6bd6bd0cfc67c87f485ce2
SHA256

0b08e10aaf12db55e6c5b4b3bc52bf11bb8005e3259fa8bdafafea0b01cc16f7
SHA512

2af12e0fc8648c0dea69c31f028ceefce6a58780d4ad0ef22f409bf113db23a8209808946c1b1c4cc27b03793177adba8d5b03c7279cba895705998eab253c15
SSDEEP

12288:VA/rmdd4qux35UzuQdr6NeqtI7myHUgVt4d0hFrj38N:crmdd3I3Y96NSyE4dCnM

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0b08e10aaf12db55e6c5b4b3bc52bf11bb8005e3259fa8bdafafea0b01cc16f7.exe

Resource

win7-20221111-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b08e10aaf12db55e6c5b4b3bc52bf11bb8005e3259fa8bdafafea0b01cc16f7.exe

Resource

win10v2004-20220812-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
uchenna12345

Targets

- Target
  
  0b08e10aaf12db55e6c5b4b3bc52bf11bb8005e3259fa8bdafafea0b01cc16f7
- Size
  
  603KB
- MD5
  
  e8e0e1fca38cae6c9e7c6ab198348edd
- SHA1
  
  085d8569669e3c6cbb6bd6bd0cfc67c87f485ce2
- SHA256
  
  0b08e10aaf12db55e6c5b4b3bc52bf11bb8005e3259fa8bdafafea0b01cc16f7
- SHA512
  
  2af12e0fc8648c0dea69c31f028ceefce6a58780d4ad0ef22f409bf113db23a8209808946c1b1c4cc27b03793177adba8d5b03c7279cba895705998eab253c15
- SSDEEP
  
  12288:VA/rmdd4qux35UzuQdr6NeqtI7myHUgVt4d0hFrj38N:crmdd3I3Y96NSyE4dCnM
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy