hawkeye | f4ea2a9844ffda232e7310381b5a0b42d9d36215a9945936142e52258c19d133 | Triage

Submit
Reports

Overview

overview

Static

static

5

Purchase O...rt.exe

windows7-x64

Purchase O...rt.exe

windows10-2004-x64

Sharing

General

Target

6596f059f056f6425c4a6498377f2df2_JaffaCakes118
Size

1.4MB
Sample

240522-cabt8agg5z
MD5

6596f059f056f6425c4a6498377f2df2
SHA1

c67d4836fc2c64ee5e6a1ad4f48d67cd677d64fc
SHA256

f4ea2a9844ffda232e7310381b5a0b42d9d36215a9945936142e52258c19d133
SHA512

4af76670acbeeb63b7f4eae4cdc94e5881e9b9c31a013e2490842e6346c8923457cc29a3201b8759b55522577e65202af59b03a112de4a83e275c20b6f716234
SSDEEP

24576:Ia0+iKGDGeR5XSOHy+X/pzqc9g91oAkia+h/a3dEHIOw0gEyEtkU6DeS:IaS5q2rys39UNkia+UGIOCEy/tDeS

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Purchase Order_32011007_PDF ________________________ IndiaMart.exe

Resource

win7-20240221-en

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Purchase Order_32011007_PDF ________________________ IndiaMart.exe

Resource

win10v2004-20240508-en

hawkeye collection keylogger persistence spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
outback.websitewelcome.com
Port:
587
Username:
[email protected]
Password:
Change2020*

Targets

- Target
  
  Purchase Order_32011007_PDF ________________________ IndiaMart.com
- Size
  
  1.9MB
- MD5
  
  3028514a88931279e013935981e0bc67
- SHA1
  
  dcbc85bedd0fdaf734c24e2236f042780e8d62cb
- SHA256
  
  c1df583ca0726b951814b38ea8cdb97a2a3f6e4799cbd01af75f9f6df6b96d31
- SHA512
  
  24946f9058ef1e4c36337fcd99948f61052c69ebcf4ec33412fac0a8af386b7a29337630418dfbc1b11acb1bef24b5d523251e74606d6a06e2374e0b89b8a8a5
- SSDEEP
  
  49152:Wu0c++OCvkGs9Fa3A8jGNcPaXJyJYlsmQV2jFiBY:ZB3vkJ9MpGCuyJh+FW
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy