hawkeye | caa697dcf338eec92ba2c1bddd242c659650cb161f47c1c239806d171e16ce5d | Triage

Submit
Reports

Overview

overview

Static

static

caa697dcf3...5d.exe

windows7-x64

caa697dcf3...5d.exe

windows10-2004-x64

9

Sharing

General

Target

caa697dcf338eec92ba2c1bddd242c659650cb161f47c1c239806d171e16ce5d
Size

1.6MB
Sample

221128-wvpflaag7w
MD5

2b7823f86268bfb968865907ce46750a
SHA1

e5fdbeed91bc034728ddd79807fd0c5cce10df6b
SHA256

caa697dcf338eec92ba2c1bddd242c659650cb161f47c1c239806d171e16ce5d
SHA512

bcfedf113c2008a1de006043c6dd4d9fd63be71a18bbb5709e73607693083a668e9b9c81c7a93064f054eafa9b4b6add28ff4c35203500feb2afb94c6280a0c5
SSDEEP

24576:72O/GlKfj2BeJbXJAdVutylJJmAdCDD0/ARLPCs8KrM3bD4d7g6zwm4m53Sb23:X9JautylSAdK0/ARLq7bDQ5kFm53Sy3

Score

10^/10

hawkeye collection evasion keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

caa697dcf338eec92ba2c1bddd242c659650cb161f47c1c239806d171e16ce5d.exe

Resource

win7-20220812-en

hawkeye collection evasion keylogger persistence spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

caa697dcf338eec92ba2c1bddd242c659650cb161f47c1c239806d171e16ce5d.exe

Resource

win10v2004-20221111-en

evasion persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  caa697dcf338eec92ba2c1bddd242c659650cb161f47c1c239806d171e16ce5d
- Size
  
  1.6MB
- MD5
  
  2b7823f86268bfb968865907ce46750a
- SHA1
  
  e5fdbeed91bc034728ddd79807fd0c5cce10df6b
- SHA256
  
  caa697dcf338eec92ba2c1bddd242c659650cb161f47c1c239806d171e16ce5d
- SHA512
  
  bcfedf113c2008a1de006043c6dd4d9fd63be71a18bbb5709e73607693083a668e9b9c81c7a93064f054eafa9b4b6add28ff4c35203500feb2afb94c6280a0c5
- SSDEEP
  
  24576:72O/GlKfj2BeJbXJAdVutylJJmAdCDD0/ARLPCs8KrM3bD4d7g6zwm4m53Sb23:X9JautylSAdK0/ARLq7bDQ5kFm53Sy3
Score

10^/10

hawkeye collection evasion keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionevasionkeyloggerpersistencespywarestealertrojan

behavioral2

evasionpersistencetrojan

© 2018-2024

Terms | Privacy