General

  • Target

    40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745.exe

  • Size

    610KB

  • Sample

    250131-vlhq1stmgk

  • MD5

    cbff403de61e81792b6a6985d113f588

  • SHA1

    ca2b0aa201eb717b506df77c180cec5717eb3a9e

  • SHA256

    40bdc01698c806663cb359cb632f36320837884062ddb6c440c8d11580bbc745

  • SHA512

    5c3b4b2a17de18008ca313fd374472bfd00b4818d3f2157ab703261ae89601a4d656d34081d21758eeac8e1438a838ae74db43cc29cb0306ad5bd70d666aa80a

  • SSDEEP

    12288:iDfY2d53bC+BSPRrZ9hh0LTAw1wQSRQqw/b3JuvQxoAPDKCn9AMxg:+fgFrih1wQbH4QxoAPF

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Hawkeye family

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
