hawkeye | 6583ece21654fa41c36a713160ae4e10fdb6edea67ac4e4b2397d75c4a195284 | Triage

Submit
Reports

Overview

overview

Static

static

5

proforma invoice.exe

windows7-x64

proforma invoice.exe

windows10-2004-x64

Sharing

General

Target

5b2a5db14a4515de07df5f091ecbd5fb_JaffaCakes118
Size

929KB
Sample

240519-ymd11aeh69
MD5

5b2a5db14a4515de07df5f091ecbd5fb
SHA1

e06d25cff824b6a10d694538ed925f11c2f422be
SHA256

6583ece21654fa41c36a713160ae4e10fdb6edea67ac4e4b2397d75c4a195284
SHA512

3ae1d3aba384a3b8cdf5fc31b1d56f2ee346686e3fe78bb7ad1af9d85f478836bbc8543afe556a9005a146fa528223d0995772fc2f4329a4bad43f2fa556a496
SSDEEP

24576:/WheP/nwU8/qkYHNQBu/s5sUernrlSYHd6EErH:/AeXV8/XYtGgwsU8ngYHd6fz

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

proforma invoice.exe

Resource

win7-20240221-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

proforma invoice.exe

Resource

win10v2004-20240508-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.vivaldi.net
Port:
587
Username:
[email protected]
Password:
kelvinklin123

Targets

- Target
  
  proforma invoice
- Size
  
  1.7MB
- MD5
  
  61c5dde7b4dbb77058f8aad370e92648
- SHA1
  
  753c4913e5bd73a37c04ec4b180f99aa5d15b2f0
- SHA256
  
  4f387257ba2721c27465800f9db3e513ded059ce28b68d593de0f459dfcf95a7
- SHA512
  
  7cc15313ed4c0373112cd08240303f4baae696eb86dd9fcf9d3de6b1773fa0e2a5089b86051fd0c15257b3588fe9135dea559dbc799880c8820bbf6e097d9ae1
- SSDEEP
  
  24576:EAHnh+eWsN3skA4RV1Hom2KXMmHapr1X5pc0zEtdKnY2jDPFT7TVfd5HTfr6sbt5:Th+ZkldoPK8Yapyqu2jDPpNHH5T
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy