hawkeye | 97b1a0a2a2f05f22c3f9ac4152e34ad4d629c577ea9425020d5f8ce204d583d0 | Triage

Submit
Reports

Overview

overview

Static

static

1

28fbf26d76...18.exe

windows7-x64

28fbf26d76...18.exe

windows10-2004-x64

Sharing

General

Target

28fbf26d76059fb5f277eaae5b7f894b_JaffaCakes118
Size

644KB
Sample

240509-jlkptsgb4w
MD5

28fbf26d76059fb5f277eaae5b7f894b
SHA1

8bf8f4ccadd44da372359a31598856e187dc5b1f
SHA256

97b1a0a2a2f05f22c3f9ac4152e34ad4d629c577ea9425020d5f8ce204d583d0
SHA512

2db87c5f04edbfee71575ca045dd96e694e75b0c84a7400e01ba429af44987052d7b7b694bdbc5ef808b917d1f39d6ab6f521b40d895e3c1d8da938450800660
SSDEEP

12288:q0wKEpZHDQi7vhMgWMzU9l9fDWmSsLbpnHrM8DoiQQWpH3UMQ9fp6zgJGE0:1Ejki75MTSCaaLbpnQ/zpU9ozMa

Score

10^/10

hawkeye collection keylogger spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

28fbf26d76059fb5f277eaae5b7f894b_JaffaCakes118.exe

Resource

win7-20231129-en

hawkeye collection keylogger spyware stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

28fbf26d76059fb5f277eaae5b7f894b_JaffaCakes118.exe

Resource

win10v2004-20240508-en

hawkeye collection keylogger spyware stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
secure.emailsrvr.com
Port:
587
Username:
[email protected]
Password:
Wako2j22#

Targets

- Target
  
  28fbf26d76059fb5f277eaae5b7f894b_JaffaCakes118
- Size
  
  644KB
- MD5
  
  28fbf26d76059fb5f277eaae5b7f894b
- SHA1
  
  8bf8f4ccadd44da372359a31598856e187dc5b1f
- SHA256
  
  97b1a0a2a2f05f22c3f9ac4152e34ad4d629c577ea9425020d5f8ce204d583d0
- SHA512
  
  2db87c5f04edbfee71575ca045dd96e694e75b0c84a7400e01ba429af44987052d7b7b694bdbc5ef808b917d1f39d6ab6f521b40d895e3c1d8da938450800660
- SSDEEP
  
  12288:q0wKEpZHDQi7vhMgWMzU9l9fDWmSsLbpnHrM8DoiQQWpH3UMQ9fp6zgJGE0:1Ejki75MTSCaaLbpnQ/zpU9ozMa
Score

10^/10

hawkeye collection keylogger spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojanupx

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojanupx

© 2018-2024

Terms | Privacy