hawkeye | 4fc00071f596b62d408a682bb80b7736fd46c87f212f6d0fe995bf6e8a40c15b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

skin igorek OSU!.exe

windows7-x64

skin igorek OSU!.exe

windows10-1703-x64

Sharing

General

Target

skin igorek OSU!.exe
Size

572KB
Sample

240708-y7kdhszard
MD5

a1155341929e15e4c7c1010ebad945ed
SHA1

bedea7dfff13ae16d872d5600c4b9f299375b3b4
SHA256

4fc00071f596b62d408a682bb80b7736fd46c87f212f6d0fe995bf6e8a40c15b
SHA512

08b7ac139dd187ee380a4e575b3fabf0c837521dc216460e7270e5cafac52ad49320f45414df82f5e50a656dfee84431131c345910e753ffa198e6bf9ef19e50
SSDEEP

6144:rBlbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9T9I:NlQtqB5urTIoYWBQk1E+VF9mOx9i

Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

skin igorek OSU!.exe

Resource

win7-20240704-de

hawkeye collection keylogger persistence spyware stealer trojan

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

skin igorek OSU!.exe

Resource

win10-20240404-de

hawkeye collection keylogger persistence spyware stealer trojan

windows10-1703-x64

13 signatures

300 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
poczta.interia.pl
Port:
587
Username:
igor.kaplan@interia.pl
Password:
Mruczek123

Targets

- Target
  
  skin igorek OSU!.exe
- Size
  
  572KB
- MD5
  
  a1155341929e15e4c7c1010ebad945ed
- SHA1
  
  bedea7dfff13ae16d872d5600c4b9f299375b3b4
- SHA256
  
  4fc00071f596b62d408a682bb80b7736fd46c87f212f6d0fe995bf6e8a40c15b
- SHA512
  
  08b7ac139dd187ee380a4e575b3fabf0c837521dc216460e7270e5cafac52ad49320f45414df82f5e50a656dfee84431131c345910e753ffa198e6bf9ef19e50
- SSDEEP
  
  6144:rBlbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9T9I:NlQtqB5urTIoYWBQk1E+VF9mOx9i
Score

10^/10

hawkeye collection keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.