hawkeye | 772930c5c47fe742b60b441f8150edaa558ba9bbf13fb0f751b7d9dbdd828f21 | Triage

Submit
Reports

Overview

overview

Static

static

d98055b5de...0d.exe

windows7-x64

d98055b5de...0d.exe

windows10-2004-x64

Resubmissions

12-06-2023 20:39

230612-zfdbkadg48 10

12-06-2023 20:22

230612-y5s8msdf86 10

Sharing

General

Target

10752297395.zip
Size

300KB
Sample

230612-y5s8msdf86
MD5

cc8ae23ec9c4ef24b93c644ab0d5d85e
SHA1

5a0346d9e3bfbec9625afcabfdec893516fb8f1d
SHA256

772930c5c47fe742b60b441f8150edaa558ba9bbf13fb0f751b7d9dbdd828f21
SHA512

bce7d180a6896888c0e4391a12a8743f8253a5f1d6917deaee90c39eaa1f1abc57fa81bda31c7353b352e3c3468a2763ff39780ee59a1d0562da630ce8ac0956
SSDEEP

6144:waJzmulUNpdMjFrk+iGAmc0xHknHqVSpHfz8IqtDvVg:fJHlUNp6lk+6qFknKUp/z8IqtS

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

d98055b5dedd4f2cf8f5e018af92c2d8230e520bb32fe5119789c1a9db6a4f0d.exe

Resource

win7-20230220-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

d98055b5dedd4f2cf8f5e018af92c2d8230e520bb32fe5119789c1a9db6a4f0d.exe

Resource

win10v2004-20230221-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
painnerlogger092@gmail.com
Password:
pxfvdhixclsqroly

Targets

- Target
  
  d98055b5dedd4f2cf8f5e018af92c2d8230e520bb32fe5119789c1a9db6a4f0d
- Size
  
  505KB
- MD5
  
  31fdba408133d245e8761d8960b8e568
- SHA1
  
  cd2cef468d33024c2dea149f50e0faf7b907130d
- SHA256
  
  d98055b5dedd4f2cf8f5e018af92c2d8230e520bb32fe5119789c1a9db6a4f0d
- SHA512
  
  4b144469a74903cb0c8af0a52aaedf3e5b6676ef2c036cd74081c75e3e7d7869d0f4bd14c5914caf68ebc088285fdbda2e74571093c646c17d03179a783a8594
- SSDEEP
  
  6144:sNxbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9F7I:CxQtqB5urTIoYWBQk1E+VF9mOx9q
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy