hawkeye | 1ac7b754c603722fc1a4c38cf6f23bde50edb667efa0a8abfd4f9008fc40ebce | Triage

Submit
Reports

Overview

overview

Static

static

3

5a55c46f03...18.exe

windows7-x64

5a55c46f03...18.exe

windows10-2004-x64

Sharing

General

Target

5a55c46f031c51c19ff3bca04096684e_JaffaCakes118
Size

668KB
Sample

240519-tx7nvafe3z
MD5

5a55c46f031c51c19ff3bca04096684e
SHA1

9dbac20857e5f72942e2d3f2bd584a0ed6620919
SHA256

1ac7b754c603722fc1a4c38cf6f23bde50edb667efa0a8abfd4f9008fc40ebce
SHA512

50428e9d58539e810063af1d56dd157f7442181d089c677c55e29936b8d4b98524c1f7b8f55929ffe5b11e51571cdb0d5890b663a12665030de5042bdbc410a6
SSDEEP

12288:FKEimK3hyzVkEtXQJ81Z7O5OWlf6+abnmgUiGvOC2bR+7j+NYe1uQkDZ:0EimohUlAmxaOWlWIOCzS+HRD

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5a55c46f031c51c19ff3bca04096684e_JaffaCakes118.exe

Resource

win7-20240508-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

5a55c46f031c51c19ff3bca04096684e_JaffaCakes118.exe

Resource

win10v2004-20240508-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.mail.com
Port:
587
Username:
j.nothing@asia.com
Password:
malaysia25

Targets

- Target
  
  5a55c46f031c51c19ff3bca04096684e_JaffaCakes118
- Size
  
  668KB
- MD5
  
  5a55c46f031c51c19ff3bca04096684e
- SHA1
  
  9dbac20857e5f72942e2d3f2bd584a0ed6620919
- SHA256
  
  1ac7b754c603722fc1a4c38cf6f23bde50edb667efa0a8abfd4f9008fc40ebce
- SHA512
  
  50428e9d58539e810063af1d56dd157f7442181d089c677c55e29936b8d4b98524c1f7b8f55929ffe5b11e51571cdb0d5890b663a12665030de5042bdbc410a6
- SSDEEP
  
  12288:FKEimK3hyzVkEtXQJ81Z7O5OWlf6+abnmgUiGvOC2bR+7j+NYe1uQkDZ:0EimohUlAmxaOWlWIOCzS+HRD
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy