hawkeye | ed57cba9387fa1f503b7c5b4bd07f4090ba98a3de174cfdf09ef8446d00bd670 | Triage

Submit
Reports

Overview

overview

Static

static

3

Statement....nt.exe

windows7-x64

Statement....nt.exe

windows10-2004-x64

Sharing

General

Target

9502a9bb8817b95a0869d9d5993fa6bc_JaffaCakes118
Size

663KB
Sample

240604-qqa5hshe67
MD5

9502a9bb8817b95a0869d9d5993fa6bc
SHA1

38b967398a8fbcbbe3ec3e543847ba6888b3b096
SHA256

ed57cba9387fa1f503b7c5b4bd07f4090ba98a3de174cfdf09ef8446d00bd670
SHA512

5b9ea6937dc49291d06498e0301e072c1f0670ef34506d5c8804ec76216f7cd11a0b0729269652034e3af3af74e01ef89ac021fd48f98ea6fd4767276ca7c313
SSDEEP

12288:UP+zKn7bJwEPhNEJahx6Epr4fPKdOWTzBhiatAe6UPEDTrkQaWWp:UGzKxwEDdQ6r4fSpiaAUfQWp

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Statement.Of.Account.exe

Resource

win7-20240508-en

hawkeye collection keylogger spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Statement.Of.Account.exe

Resource

win10v2004-20240508-en

hawkeye collection keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Statement.Of.Account.exe
- Size
  
  730KB
- MD5
  
  d875b18ba8697ac9f3f6a5733ae916fa
- SHA1
  
  1e2704f3b999e57e84c2b5e9fb27a47d4fa3f356
- SHA256
  
  ce80af98fda09bf24006e478aca3f2bdc6e496a293223116b0da19d7aa2073cd
- SHA512
  
  b493af28acc377e63c6b929b167818b5234efadf29e420cb71637621afd729dcd320051281684e5783a10e41a4fe15ccea8a085ec1c140b5fc8124f12a5f70ad
- SSDEEP
  
  12288:cMput4EcmZHAFaxmVmie9bngPooRy3i0zPPQEHjRYS11CQmWHDK32UD0JK79Jiek:cMpk4EcmZHAFaxmVmie9bngPZmwEHjq7
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy