hawkeye | f02d4088e540950abffd329187e2e4bed685621eb22b01ad888a581fabfa002c | Triage

Submit
Reports

Overview

overview

Static

static

9

e4b9b54d28...18.exe

windows7-x64

e4b9b54d28...18.exe

windows10-2004-x64

Sharing

General

Target

e4b9b54d28b835cae6615be8ffafeaef_JaffaCakes118
Size

722KB
Sample

240916-n6k9bawekg
MD5

e4b9b54d28b835cae6615be8ffafeaef
SHA1

f4e5c599ca08a168df51c8139162987bd1aa2f8d
SHA256

f02d4088e540950abffd329187e2e4bed685621eb22b01ad888a581fabfa002c
SHA512

661c493ec9d88d47d927be648c817413053ace1ad7a189af9c0669fd079540f05f4864174d582e3a462c9300fc604a3e0faee9b838a40c7924576195dac7114e
SSDEEP

12288:7rQtqB5urTIoYWBQk1E+VF9mOx9ufr4Mu32f/8qG:7rQtqBorTlYWBhE+V3mOK436/8qG

Score

10^/10

hawkeye collection credential_access discovery keylogger spyware stealer trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

e4b9b54d28b835cae6615be8ffafeaef_JaffaCakes118.exe

Resource

win7-20240903-en

hawkeye collection credential_access discovery keylogger spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

e4b9b54d28b835cae6615be8ffafeaef_JaffaCakes118.exe

Resource

win10v2004-20240802-en

hawkeye collection credential_access discovery keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
25561210

Targets

- Target
  
  e4b9b54d28b835cae6615be8ffafeaef_JaffaCakes118
- Size
  
  722KB
- MD5
  
  e4b9b54d28b835cae6615be8ffafeaef
- SHA1
  
  f4e5c599ca08a168df51c8139162987bd1aa2f8d
- SHA256
  
  f02d4088e540950abffd329187e2e4bed685621eb22b01ad888a581fabfa002c
- SHA512
  
  661c493ec9d88d47d927be648c817413053ace1ad7a189af9c0669fd079540f05f4864174d582e3a462c9300fc604a3e0faee9b838a40c7924576195dac7114e
- SSDEEP
  
  12288:7rQtqB5urTIoYWBQk1E+VF9mOx9ufr4Mu32f/8qG:7rQtqBorTlYWBhE+V3mOK436/8qG
Score

10^/10

hawkeye collection credential_access discovery keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

hawkeyecollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy