hawkeye | 48891caca25640d071292a4e4aa25ba295a3f2c0cc61eb2ea29574c991420461 | Triage

Submit
Reports

Overview

overview

Static

static

3

e1aa6e8874...2d.exe

windows7-x64

e1aa6e8874...2d.exe

windows10-2004-x64

Resubmissions

27-06-2023 22:46

230627-2qbltsgf5z 10

27-06-2023 22:38

230627-2kplhagf41 10

Sharing

General

Target

10986288171.zip
Size

589KB
Sample

230627-2kplhagf41
MD5

ceddae47f5cc18f850795f4406af29e5
SHA1

ed6e0a862e35e37f55946f4b14445ba92967e02e
SHA256

48891caca25640d071292a4e4aa25ba295a3f2c0cc61eb2ea29574c991420461
SHA512

62a7d45f83c125beda89077afd3fcd4cf324b00fd8cfb0fa283ee7d225d2ebb4dd38de8b5841b8d55658b4afffb804e8cb90563a2310d0c35b778a9aab81d5bf
SSDEEP

12288:dfiEDAQFIXNBCpGaW5NUOEunpLjyfniI/P00mgT5Gl28rs:11AQFsBCpO2apLjAiV01Gl2V

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e1aa6e8874d17d8568200df5ca741845430c07b115875c8f0f9872a1db10482d.exe

Resource

win7-20230621-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

e1aa6e8874d17d8568200df5ca741845430c07b115875c8f0f9872a1db10482d.exe

Resource

win10v2004-20230621-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  e1aa6e8874d17d8568200df5ca741845430c07b115875c8f0f9872a1db10482d
- Size
  
  663KB
- MD5
  
  f0d69c291d513b01ec5a21f53d33b0ed
- SHA1
  
  d9613e6e1e19324bb5b020adbe17407a974364da
- SHA256
  
  e1aa6e8874d17d8568200df5ca741845430c07b115875c8f0f9872a1db10482d
- SHA512
  
  7e520253083c451a242005f5dcc5fa76a04f7e3a1273a6884877a8473e01b3bb809617213a70aa8e48130e5ed9222f39a992a4ce68162c9b472ac6970e4fad04
- SSDEEP
  
  12288:vvynoGCh0PqKzFXZHjA5kyL69JY6t59d8zH+jul:HIXXqeXZHjxyL69JvLqze
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy