hawkeye | 028be5788093b28cb81278a235abe328ece0264fbcec09e599e9251f0a87e562 | Triage

Submit
Reports

Overview

overview

Static

static

3

839be5e2a6...2b.exe

windows7-x64

839be5e2a6...2b.exe

windows10-2004-x64

Sharing

General

Target

028be5788093b28cb81278a235abe328ece0264fbcec09e599e9251f0a87e562
Size

893KB
Sample

240417-rvyxtade81
MD5

62405c5a2161f4598fe0fe3341ec276d
SHA1

93311d2e55f23499045ee219817275e8ab9b7c22
SHA256

028be5788093b28cb81278a235abe328ece0264fbcec09e599e9251f0a87e562
SHA512

4a136b73214ea0641d65e0f2af930bae3b1482c76fc24c9f50df57f96b810b664c5d7c418e33e28efc026fd128bd58ef25678f460156fe00df410e147c917580
SSDEEP

12288:eXrU4CWVDl7CSl/CNGtcnBm5C3WQJEYMd0gABNcI4Ynu0TaTtPRO7vHnFHE5pR76:egSblKAl54JEYMdWtnZTSt+vHnBE5PK1

Score

10^/10

hawkeye remcos remotehost collection keylogger rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

839be5e2a653b3fbd43370403d066b16e4dd22d867997b5156de621f44bf072b.exe

Resource

win7-20240221-en

remcos remotehost collection rat spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

839be5e2a653b3fbd43370403d066b16e4dd22d867997b5156de621f44bf072b.exe

Resource

win10v2004-20240412-en

hawkeye remcos remotehost collection keylogger rat spyware stealer trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

paygateme.net:2286

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-BDTHCE
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  839be5e2a653b3fbd43370403d066b16e4dd22d867997b5156de621f44bf072b.exe
- Size
  
  984KB
- MD5
  
  3f6158f27ef80630313026f52cac93f4
- SHA1
  
  ba374eb42010c5cf44fdc259983dc44442cb0753
- SHA256
  
  839be5e2a653b3fbd43370403d066b16e4dd22d867997b5156de621f44bf072b
- SHA512
  
  7ce1b216d055a6ae8491d93fab07502646b1a1939e2796005005875405e65ae5a2d97fc7607690ba2d38683678d22206529ad57d26c243e76c695da5b67faaf0
- SSDEEP
  
  24576:4Nxc5Gjn6R/TiWtnTS65ox40AjuCDLym06vQvyi3B:CxfjnkOYJ5cbuLyZ9
Score

10^/10

remcos remotehost collection rat spyware stealer hawkeye keylogger trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

remcosremotehostcollectionratspywarestealer

behavioral2

hawkeyeremcosremotehostcollectionkeyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy