hawkeye | 77baa7ef710930a6b61e5a0624e60d7c4e68412be5d00e32d2c7ca345ae834c3 | Triage

Sharing

General

Target

77baa7ef710930a6b61e5a0624e60d7c4e68412be5d00e32d2c7ca345ae834c3
Size

886KB
Sample

201109-nv21zarc6a
MD5

cd713c97872e4bef725c9ef8cda588a4
SHA1

e834055c3958f586870b8c6a5ded5bdc8fc9210f
SHA256

77baa7ef710930a6b61e5a0624e60d7c4e68412be5d00e32d2c7ca345ae834c3
SHA512

da579e72a0b21bbdb6a72cd8427654baafff0a10d2a519fedeae37d15826dab858ce1a076ebbe6c89414a54d2d9fe51db095a246e6577c7da74af643ea0394d8

Score

10^/10

hawkeye keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  77baa7ef710930a6b61e5a0624e60d7c4e68412be5d00e32d2c7ca345ae834c3
- Size
  
  886KB
- MD5
  
  cd713c97872e4bef725c9ef8cda588a4
- SHA1
  
  e834055c3958f586870b8c6a5ded5bdc8fc9210f
- SHA256
  
  77baa7ef710930a6b61e5a0624e60d7c4e68412be5d00e32d2c7ca345ae834c3
- SHA512
  
  da579e72a0b21bbdb6a72cd8427654baafff0a10d2a519fedeae37d15826dab858ce1a076ebbe6c89414a54d2d9fe51db095a246e6577c7da74af643ea0394d8
Score

10^/10

hawkeye keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerspywarestealertrojan

behavioral2

hawkeyekeyloggerspywarestealertrojan