hawkeye | b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4 | Triage

Submit
Reports

Overview

overview

Static

static

5

b8025d9ec1...f4.exe

windows7-x64

b8025d9ec1...f4.exe

windows10-2004-x64

Sharing

General

Target

b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4.exe
Size

1.7MB
Sample

241106-d3zmestjdv
MD5

51956d90e55c86ee8fa57a5f26625454
SHA1

be35dbe23ebfaa91d825bc161538e130c0886276
SHA256

b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4
SHA512

3ab50406431fe064d35dbcfac796935649d9c0e16d2dde50876988a4c19c7fcb73c709f71b39e9a4c06a11a55b09a008f6fc805a30fb6e80b4842355fb066596
SSDEEP

24576:ffmMv6Ckr7Mny5QLWsLisUV3+JQQeuLEIJgSn/Eg3q759rxv:f3v+7/5QLWqisQ+JQQeuLTJgxg3q9rxv

Score

10^/10

hawkeye collection discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4.exe

Resource

win7-20240708-en

hawkeye collection discovery keylogger spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4.exe

Resource

win10v2004-20241007-en

hawkeye collection discovery keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.hammer-adv.net
Port:
587
Username:
[email protected]
Password:
**123123**

Targets

- Target
  
  b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4.exe
- Size
  
  1.7MB
- MD5
  
  51956d90e55c86ee8fa57a5f26625454
- SHA1
  
  be35dbe23ebfaa91d825bc161538e130c0886276
- SHA256
  
  b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4
- SHA512
  
  3ab50406431fe064d35dbcfac796935649d9c0e16d2dde50876988a4c19c7fcb73c709f71b39e9a4c06a11a55b09a008f6fc805a30fb6e80b4842355fb066596
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLWsLisUV3+JQQeuLEIJgSn/Eg3q759rxv:f3v+7/5QLWqisQ+JQQeuLTJgxg3q9rxv
Score

10^/10

hawkeye collection discovery keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Hawkeye family
  hawkeye
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectiondiscoverykeyloggerspywarestealertrojan

behavioral2

hawkeyecollectiondiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy