hawkeye | c9a312abbd66dde9695cdbc60963b2dd16289538289ba9af0a8d9e2e9c809f71 | Triage

Submit
Reports

Overview

overview

Static

static

18f79ddfd5...6d.exe

windows7-x64

18f79ddfd5...6d.exe

windows10-2004-x64

Sharing

General

Target

18f79ddfd56e5beb86dfdd7cf7dfa8a72be614c2a434cd8327a7a487272b1a6d.exe.zip
Size

302KB
Sample

231201-spspaacc88
MD5

74966cdb57c3a98130afe940061d2bec
SHA1

807de3d274204af41be13da2a124acd622076a56
SHA256

c9a312abbd66dde9695cdbc60963b2dd16289538289ba9af0a8d9e2e9c809f71
SHA512

bfc393819088b8ed2c0354bf50e985e493347e5af3d33cc5d137913043f75c6b478b0df6c652ff85faba9b2b7283b2b02adc4fadd9e854e3f5fdf9b0657805f9
SSDEEP

6144:NSE5Tr2uyk1gcBsKKm6lvoHqbe0VCdqEPvd9R6kc+p7mSn8+4WK:NFjyk1BiKru20VCME3d2EmKR4h

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

18f79ddfd56e5beb86dfdd7cf7dfa8a72be614c2a434cd8327a7a487272b1a6d.exe

Resource

win7-20231020-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

18f79ddfd56e5beb86dfdd7cf7dfa8a72be614c2a434cd8327a7a487272b1a6d.exe

Resource

win10v2004-20231127-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  18f79ddfd56e5beb86dfdd7cf7dfa8a72be614c2a434cd8327a7a487272b1a6d.exe
- Size
  
  520KB
- MD5
  
  014571b0c16311e70b5b1c4cbbd10538
- SHA1
  
  c4560dff913b06c78d11ebfb06103b1f0b6fa956
- SHA256
  
  18f79ddfd56e5beb86dfdd7cf7dfa8a72be614c2a434cd8327a7a487272b1a6d
- SHA512
  
  641745397dcd286c2930cd7dcb72a9bc0a425ec5d496d05aa07096a8100ee65edc14e4afdee4b81b59c33e6b43355956201d3384bd82a86c49da4c48f92b2346
- SSDEEP
  
  6144:VuUqg1K6bS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9D:XK6QtqB5urTIoYWBQk1E+VF9mOx9Ui
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy