hawkeye | d3cbbe62c635be55722dbe7f9039bdae39b3b9bbbc476d9a31aff01feae8314c | Triage

Submit
Reports

Overview

overview

Static

static

3

a8d0ccca3a...18.exe

windows7-x64

a8d0ccca3a...18.exe

windows10-2004-x64

Sharing

General

Target

a8d0ccca3a104452953a1f6ff2cb4f9d_JaffaCakes118
Size

842KB
Sample

240614-kr4wbstbjb
MD5

a8d0ccca3a104452953a1f6ff2cb4f9d
SHA1

2c4aacf7671bd108568bcc5e5214b94ef4d27543
SHA256

d3cbbe62c635be55722dbe7f9039bdae39b3b9bbbc476d9a31aff01feae8314c
SHA512

d3b056a7ed95d6cf3c5dd52d81ec90b946f58f169e430ac2f6f3733f4653f09905589f6c46c04a85e11570549d94b46ff998df91235308e543a9ed33e751612d
SSDEEP

12288:cbmzUDpvbClksiuPMnmDsg/b/wkkA28BI5qsHt4N9fiZe+dg2CH1WwbKhsDvnxlx:0mktUFPbnkA28iY8t4Dn+ra

Score

10^/10

hawkeye collection keylogger spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a8d0ccca3a104452953a1f6ff2cb4f9d_JaffaCakes118.exe

Resource

win7-20231129-en

hawkeye collection keylogger spyware stealer trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

a8d0ccca3a104452953a1f6ff2cb4f9d_JaffaCakes118.exe

Resource

win10v2004-20240611-en

hawkeye collection keylogger spyware stealer trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  a8d0ccca3a104452953a1f6ff2cb4f9d_JaffaCakes118
- Size
  
  842KB
- MD5
  
  a8d0ccca3a104452953a1f6ff2cb4f9d
- SHA1
  
  2c4aacf7671bd108568bcc5e5214b94ef4d27543
- SHA256
  
  d3cbbe62c635be55722dbe7f9039bdae39b3b9bbbc476d9a31aff01feae8314c
- SHA512
  
  d3b056a7ed95d6cf3c5dd52d81ec90b946f58f169e430ac2f6f3733f4653f09905589f6c46c04a85e11570549d94b46ff998df91235308e543a9ed33e751612d
- SSDEEP
  
  12288:cbmzUDpvbClksiuPMnmDsg/b/wkkA28BI5qsHt4N9fiZe+dg2CH1WwbKhsDvnxlx:0mktUFPbnkA28iY8t4Dn+ra
Score

10^/10

hawkeye collection keylogger spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojanupx

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojanupx

© 2018-2024

Terms | Privacy