hawkeye | 26208c834b6cf1ceaafe62ff1398b479db24e2dd92c0e61e38b05f90fbc34749 | Triage

Submit
Reports

Overview

overview

Static

static

26208c834b...49.exe

windows7-x64

26208c834b...49.exe

windows10-2004-x64

Sharing

General

Target

26208c834b6cf1ceaafe62ff1398b479db24e2dd92c0e61e38b05f90fbc34749
Size

1005KB
Sample

221128-wlq8tsaa8s
MD5

ba11d47be9d8609d31c1e71c839ccfef
SHA1

5829d66ab0ac2b626c826a7656aaca439eeed2f7
SHA256

26208c834b6cf1ceaafe62ff1398b479db24e2dd92c0e61e38b05f90fbc34749
SHA512

8cc56f8a491fd0cb07a803f9ee1ba07c8ab3fde814decb3f5c53096ac3a47362b5ddab2caad787ac215d13d095ef6dc3df8e4196ee98cba51d69a34c7fe75693
SSDEEP

24576:ajr1UHd4dk8XzoE7vOFH91VYyNEJ96HJPi8UnQsWqSfz3:Ir3d2GvOh9gYEJ0Vi8UnSfz

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

26208c834b6cf1ceaafe62ff1398b479db24e2dd92c0e61e38b05f90fbc34749.exe

Resource

win7-20221111-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

26208c834b6cf1ceaafe62ff1398b479db24e2dd92c0e61e38b05f90fbc34749.exe

Resource

win10v2004-20221111-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.mail.ru
Port:
587
Username:
davidchua@mail.ru
Password:
riches123

Targets

- Target
  
  26208c834b6cf1ceaafe62ff1398b479db24e2dd92c0e61e38b05f90fbc34749
- Size
  
  1005KB
- MD5
  
  ba11d47be9d8609d31c1e71c839ccfef
- SHA1
  
  5829d66ab0ac2b626c826a7656aaca439eeed2f7
- SHA256
  
  26208c834b6cf1ceaafe62ff1398b479db24e2dd92c0e61e38b05f90fbc34749
- SHA512
  
  8cc56f8a491fd0cb07a803f9ee1ba07c8ab3fde814decb3f5c53096ac3a47362b5ddab2caad787ac215d13d095ef6dc3df8e4196ee98cba51d69a34c7fe75693
- SSDEEP
  
  24576:ajr1UHd4dk8XzoE7vOFH91VYyNEJ96HJPi8UnQsWqSfz3:Ir3d2GvOh9gYEJ0Vi8UnSfz
Score

10^/10

hawkeye collection keylogger spyware stealer trojan persistence
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy