hawkeye | 1f7bf2479afee06220c111e8f642334cd4659ca96a2c3a523401e5362ac59b84 | Triage

Sharing

General

Target

1f7bf2479afee06220c111e8f642334cd4659ca96a2c3a523401e5362ac59b84
Size

2.1MB
Sample

201115-ltatr7xszn
MD5

2867b3c9e16f2be5bbcb595d8cf90676
SHA1

4a0c9a455cc240ac71c125be97019923965f1ad5
SHA256

1f7bf2479afee06220c111e8f642334cd4659ca96a2c3a523401e5362ac59b84
SHA512

c0f6e77fd35e5e9aa4a88664302d7c2f29b72cf8f1422b6cda5ad7d4d9e3e8109802c02b3beeb5e7e7205e67f5f78b3ca7dcc187a6f72e2bf8e0ff80e390164e

Score

10^/10

hawkeye keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  1f7bf2479afee06220c111e8f642334cd4659ca96a2c3a523401e5362ac59b84
- Size
  
  2.1MB
- MD5
  
  2867b3c9e16f2be5bbcb595d8cf90676
- SHA1
  
  4a0c9a455cc240ac71c125be97019923965f1ad5
- SHA256
  
  1f7bf2479afee06220c111e8f642334cd4659ca96a2c3a523401e5362ac59b84
- SHA512
  
  c0f6e77fd35e5e9aa4a88664302d7c2f29b72cf8f1422b6cda5ad7d4d9e3e8109802c02b3beeb5e7e7205e67f5f78b3ca7dcc187a6f72e2bf8e0ff80e390164e
Score

10^/10

hawkeye keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerspywarestealertrojan

behavioral2

hawkeyekeyloggerspywarestealertrojan