hawkeye | b4c515ace87a3f6c263475f9e9fa57851d872f7ae91a0f32c4c901132ddf549c | Triage

Submit
Reports

Overview

overview

Static

static

3

dcae346b4f...d7.exe

windows10-1703-x64

dcae346b4f...d7.exe

windows10-2004-x64

dcae346b4f...d7.exe

windows11-21h2-x64

Sharing

General

Target

dcae346b4fd3da14ef50ccfb5b5e06fd73fb17918c2ac00b324d89ed7b104fd7.7z
Size

975KB
Sample

240419-xlf9ascf58
MD5

0d7c4b816177e966198db346a8271a39
SHA1

d73a62a4133dec7f46c094b16d1cad8d1cb0e3c9
SHA256

b4c515ace87a3f6c263475f9e9fa57851d872f7ae91a0f32c4c901132ddf549c
SHA512

f99ea18b50797e65cfbc56ecc4187e1e8e3fbc5ebeaa696c9fee72213e88fd2f00090dc3b0599871f271596b91fc74dcb506d2c573edacd9ff36bebc89a2a81a
SSDEEP

24576:MqA61JyP8I2njMmc2m9b15CURDgUC64dA7uUP0:XAvPS/I93CURDFC64ghc

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dcae346b4fd3da14ef50ccfb5b5e06fd73fb17918c2ac00b324d89ed7b104fd7.exe

Resource

win10-20240404-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-1703-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

dcae346b4fd3da14ef50ccfb5b5e06fd73fb17918c2ac00b324d89ed7b104fd7.exe

Resource

win10v2004-20240412-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral3

Sample

dcae346b4fd3da14ef50ccfb5b5e06fd73fb17918c2ac00b324d89ed7b104fd7.exe

Resource

win11-20240412-en

hawkeye collection keylogger persistence spyware stealer trojan

windows11-21h2-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  dcae346b4fd3da14ef50ccfb5b5e06fd73fb17918c2ac00b324d89ed7b104fd7
- Size
  
  998KB
- MD5
  
  88d19703623192e4ddf73cec4aa24a89
- SHA1
  
  c23025a02259e6da9a7db46ce7a12274a3cd4b18
- SHA256
  
  dcae346b4fd3da14ef50ccfb5b5e06fd73fb17918c2ac00b324d89ed7b104fd7
- SHA512
  
  83e366948e5a8e80fc31e98771029add13293387fa876a2ba8a420032db9b23c043e2ee228eaafce8c7224d1d3b5081a1c9de26b003b7877657d44741abc03e6
- SSDEEP
  
  24576:M1eKhP8/X0LknDY1zhdpACe+0RJ7Vz5xDIaTyEYKlZUOXJ:MXhP9LkD4T0htmJWt
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral3

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy