hawkeye | 96c6d9f30e29d0d8779b4ce4ec9fa070edb26171d48879f8eff4bb7556cbc854 | Triage

Sharing

General

Target

96c6d9f30e29d0d8779b4ce4ec9fa070edb26171d48879f8eff4bb7556cbc854
Size

2.1MB
Sample

201111-v8bdtd6mxx
MD5

16dcbff85a4dec40a185e8b99aba36a4
SHA1

0550ea379853c4e4c74f406c21ad14c9911f98f2
SHA256

96c6d9f30e29d0d8779b4ce4ec9fa070edb26171d48879f8eff4bb7556cbc854
SHA512

b6041b36e300c9c27a0677847c14cef8a81f3cd576bdbea8aba0f8b755ca6d4a5a767b46e6149af09123e5495066c6b6acd77018c93a0ef9135bcd30c18c4553

Score

10^/10

hawkeye keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  96c6d9f30e29d0d8779b4ce4ec9fa070edb26171d48879f8eff4bb7556cbc854
- Size
  
  2.1MB
- MD5
  
  16dcbff85a4dec40a185e8b99aba36a4
- SHA1
  
  0550ea379853c4e4c74f406c21ad14c9911f98f2
- SHA256
  
  96c6d9f30e29d0d8779b4ce4ec9fa070edb26171d48879f8eff4bb7556cbc854
- SHA512
  
  b6041b36e300c9c27a0677847c14cef8a81f3cd576bdbea8aba0f8b755ca6d4a5a767b46e6149af09123e5495066c6b6acd77018c93a0ef9135bcd30c18c4553
Score

10^/10

hawkeye keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerspywarestealertrojan

behavioral2

hawkeyekeyloggerspywarestealertrojan