hawkeye | 47596c6f36932852cd7b8127269779861ecbbc32eb994a11b279b0c5da4c2e47 | Triage

Submit
Reports

Overview

overview

Static

static

3

47596c6f36...47.exe

windows7-x64

47596c6f36...47.exe

windows10-2004-x64

Sharing

General

Target

47596c6f36932852cd7b8127269779861ecbbc32eb994a11b279b0c5da4c2e47
Size

421KB
Sample

230609-3dwa5see2t
MD5

d7785eb032bdc8df551ceda9933688d0
SHA1

5e454bd1f8097155f40bec0d64c60f4aae1c988c
SHA256

47596c6f36932852cd7b8127269779861ecbbc32eb994a11b279b0c5da4c2e47
SHA512

f71fcaee801179df15c505a77da079aebe45d80c325bc7f60d4afdd2ed25e1589fa6d20ba6414f2adee05c49add6e337dcf29c0ff3cf6b44c531b8e6d4308c16
SSDEEP

6144:wZuuObR8sVImcyYJnuptejV0rXkSfvyXwXtYV/wADJ2oC9IAyBDxnlYAVjk10k9j:nV+mzLgkvywC2ok9OpC0k9a3hAeXAZ

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

47596c6f36932852cd7b8127269779861ecbbc32eb994a11b279b0c5da4c2e47.exe

Resource

win7-20230220-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

47596c6f36932852cd7b8127269779861ecbbc32eb994a11b279b0c5da4c2e47.exe

Resource

win10v2004-20230221-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  47596c6f36932852cd7b8127269779861ecbbc32eb994a11b279b0c5da4c2e47
- Size
  
  421KB
- MD5
  
  d7785eb032bdc8df551ceda9933688d0
- SHA1
  
  5e454bd1f8097155f40bec0d64c60f4aae1c988c
- SHA256
  
  47596c6f36932852cd7b8127269779861ecbbc32eb994a11b279b0c5da4c2e47
- SHA512
  
  f71fcaee801179df15c505a77da079aebe45d80c325bc7f60d4afdd2ed25e1589fa6d20ba6414f2adee05c49add6e337dcf29c0ff3cf6b44c531b8e6d4308c16
- SSDEEP
  
  6144:wZuuObR8sVImcyYJnuptejV0rXkSfvyXwXtYV/wADJ2oC9IAyBDxnlYAVjk10k9j:nV+mzLgkvywC2ok9OpC0k9a3hAeXAZ
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy