Overview

overview

10

Static

static

5b6610379c...c3.exe

windows7-x64

10

5b6610379c...c3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5b6610379c1f06cb89307502f9a5a481dc67622146f902345f60db0ca708adc3

  • Size

    968KB

  • Sample

    221130-p7enlaeh7y

  • MD5

    2745ff290f911865a5451f5d726fefac

  • SHA1

    cebcf4314b61e6f3e13a960eb12d7075e0a0fe6d

  • SHA256

    5b6610379c1f06cb89307502f9a5a481dc67622146f902345f60db0ca708adc3

  • SHA512

    0c8398652c620876f7622f9425b9dd3f218351aa65a34e96866c495462d28ec0f5ddd5f46ab2d512bbb6e4c9dd87164cf110f8eaa59a9cac873849cfdde0b6d2

  • SSDEEP

    24576:K3T6pi2qOpLh79Hlb8UbRV938Aa5HYvDy2WZqdRjHnAIMtZ54Lr3rmyu9GW2f2nh:oIZ9Fb8UM5HYvDy2WZqdRjHnAIMtZ54C

Score
10/10
hawkeyecollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    lamb.talk@yandex.com
  • Password:
    SaviO123@@

Targets

    • Target

      5b6610379c1f06cb89307502f9a5a481dc67622146f902345f60db0ca708adc3

    • Size

      968KB

    • MD5

      2745ff290f911865a5451f5d726fefac

    • SHA1

      cebcf4314b61e6f3e13a960eb12d7075e0a0fe6d

    • SHA256

      5b6610379c1f06cb89307502f9a5a481dc67622146f902345f60db0ca708adc3

    • SHA512

      0c8398652c620876f7622f9425b9dd3f218351aa65a34e96866c495462d28ec0f5ddd5f46ab2d512bbb6e4c9dd87164cf110f8eaa59a9cac873849cfdde0b6d2

    • SSDEEP

      24576:K3T6pi2qOpLh79Hlb8UbRV938Aa5HYvDy2WZqdRjHnAIMtZ54Lr3rmyu9GW2f2nh:oIZ9Fb8UM5HYvDy2WZqdRjHnAIMtZ54C

    Score
    10/10
    hawkeyecollectionkeyloggerspywarestealertrojan

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

      keyloggertrojanstealerspywarehawkeye

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks