hawkeye | ddfef2f5dbafa1f0c839bca0446dd4fe543b2de5490dde3b7b9cb80ae41a5147 | Triage

Sharing

General

Target

ddfef2f5dbafa1f0c839bca0446dd4fe543b2de5490dde3b7b9cb80ae41a5147
Size

1.2MB
Sample

221120-mx6cfsab26
MD5

79e8d4f3d5a452b3db079c5689ca699c
SHA1

992e50f9c696400b74209306312d8359cb21cea8
SHA256

ddfef2f5dbafa1f0c839bca0446dd4fe543b2de5490dde3b7b9cb80ae41a5147
SHA512

7cfae13d6c78db45fc19cdc2f17d6014a284a51875be85d4aebc05f5181140d514e637b62bdf37f1b26006cf0acf40ad758d12b71784a6dfd47ca79769c7d596
SSDEEP

24576:QTo2qgs4cME/MPIGi95tzqd12B0JUxBSJ7HsoQU2crrjkjYoqPt948DKjk68n:evhEkPIZTzw2SUizn2c3jkjG9FDyC

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  ddfef2f5dbafa1f0c839bca0446dd4fe543b2de5490dde3b7b9cb80ae41a5147
- Size
  
  1.2MB
- MD5
  
  79e8d4f3d5a452b3db079c5689ca699c
- SHA1
  
  992e50f9c696400b74209306312d8359cb21cea8
- SHA256
  
  ddfef2f5dbafa1f0c839bca0446dd4fe543b2de5490dde3b7b9cb80ae41a5147
- SHA512
  
  7cfae13d6c78db45fc19cdc2f17d6014a284a51875be85d4aebc05f5181140d514e637b62bdf37f1b26006cf0acf40ad758d12b71784a6dfd47ca79769c7d596
- SSDEEP
  
  24576:QTo2qgs4cME/MPIGi95tzqd12B0JUxBSJ7HsoQU2crrjkjYoqPt948DKjk68n:evhEkPIZTzw2SUizn2c3jkjG9FDyC
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan