hawkeye | e04070dabeb56e7c0457b3826b5973d7917f834407b435522e0421e60785f25a | Triage

Submit
Reports

Overview

overview

Static

static

3

e04070dabe...5a.exe

windows7-x64

3

e04070dabe...5a.exe

windows10-2004-x64

Sharing

General

Target

e04070dabeb56e7c0457b3826b5973d7917f834407b435522e0421e60785f25a
Size

1.1MB
Sample

240727-ff7evsybrm
MD5

96c2943d7065c6febb084c958b122dc1
SHA1

354029dc6ed072db2c2180baf068ce16a3a96e49
SHA256

e04070dabeb56e7c0457b3826b5973d7917f834407b435522e0421e60785f25a
SHA512

f28ba13b796d1ecd94069f88ef0fdd622d899cdc4508742470122eceec37d21cc53d6005f46073c559e3b1a7d72f11cd7a64fa5e33f58da2d610674055f0d25a
SSDEEP

24576:rbw+1bAypcW+Co+wd6hzCwZbZKLgPYPb+5SpwggAuf2MI:5VO61qpwhEEgPNJI2B

Score

10^/10

hawkeye collection credential_access discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e04070dabeb56e7c0457b3826b5973d7917f834407b435522e0421e60785f25a.exe

Resource

win7-20240708-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

e04070dabeb56e7c0457b3826b5973d7917f834407b435522e0421e60785f25a.exe

Resource

win10v2004-20240704-en

hawkeye collection credential_access discovery keylogger spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.proracinglivorno.com
Port:
587
Username:
[email protected]
Password:
maverik68

Targets

- Target
  
  e04070dabeb56e7c0457b3826b5973d7917f834407b435522e0421e60785f25a
- Size
  
  1.1MB
- MD5
  
  96c2943d7065c6febb084c958b122dc1
- SHA1
  
  354029dc6ed072db2c2180baf068ce16a3a96e49
- SHA256
  
  e04070dabeb56e7c0457b3826b5973d7917f834407b435522e0421e60785f25a
- SHA512
  
  f28ba13b796d1ecd94069f88ef0fdd622d899cdc4508742470122eceec37d21cc53d6005f46073c559e3b1a7d72f11cd7a64fa5e33f58da2d610674055f0d25a
- SSDEEP
  
  24576:rbw+1bAypcW+Co+wd6hzCwZbZKLgPYPb+5SpwggAuf2MI:5VO61qpwhEEgPNJI2B
Score

10^/10

discovery hawkeye collection credential_access keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

hawkeyecollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy