hawkeye | 91107f4a383ddb76d6fd153077d57c528551ace7385fb10db1bb3e46c3603b62 | Triage

Submit
Reports

Overview

overview

Static

static

3

btc-receipt.exe

windows7-x64

btc-receipt.exe

windows10-2004-x64

Sharing

General

Target

btc-receipt.exe
Size

780KB
Sample

250210-lmlpmaxqfz
MD5

0c93904abb61aaf75ef8f7210de308e6
SHA1

3eae214dd0cd6051d9dca98392c07085f171f2a7
SHA256

91107f4a383ddb76d6fd153077d57c528551ace7385fb10db1bb3e46c3603b62
SHA512

c9c6de347b26c1b76e50cd3c500d1e7f020810562b6eb257f7160efe8fed4b95d4f664f94f0ec1fe6e12640473098008b6d4d1fbf2a4b5ba05e5f62b20539db7
SSDEEP

12288:J2tgXH3sduObXsHylkxlOG6+iJN+CeS9hs7hh8Txf5NTh3ZUaeso9JTaP5lREAmD:gtTClOG6pf33rehWNt3mJ/S

Score

10^/10

hawkeye collection discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

btc-receipt.exe

Resource

win7-20241010-en

hawkeye collection discovery keylogger spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

btc-receipt.exe

Resource

win10v2004-20250207-en

hawkeye collection discovery keylogger spyware stealer trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.vanithafireworks.com
Port:
587
Username:
[email protected]
Password:
Vonline@2021

Targets

- Target
  
  btc-receipt.exe
- Size
  
  780KB
- MD5
  
  0c93904abb61aaf75ef8f7210de308e6
- SHA1
  
  3eae214dd0cd6051d9dca98392c07085f171f2a7
- SHA256
  
  91107f4a383ddb76d6fd153077d57c528551ace7385fb10db1bb3e46c3603b62
- SHA512
  
  c9c6de347b26c1b76e50cd3c500d1e7f020810562b6eb257f7160efe8fed4b95d4f664f94f0ec1fe6e12640473098008b6d4d1fbf2a4b5ba05e5f62b20539db7
- SSDEEP
  
  12288:J2tgXH3sduObXsHylkxlOG6+iJN+CeS9hs7hh8Txf5NTh3ZUaeso9JTaP5lREAmD:gtTClOG6pf33rehWNt3mJ/S
Score

10^/10

hawkeye collection discovery keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Hawkeye family
  hawkeye
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectiondiscoverykeyloggerspywarestealertrojan

behavioral2

hawkeyecollectiondiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy