hawkeye | e2ab27c104c32fea4631de8cb40731288d6c866c134b727475dbe96c78d16bba | Triage

Sharing

General

Target

e2ab27c104c32fea4631de8cb40731288d6c866c134b727475dbe96c78d16bba
Size

616KB
Sample

221125-vqdymaca82
MD5

39f88bd5f2192b565c5a30d7c2227e24
SHA1

8166c63bc5260e6458dfc3c5453297310a0e8f0a
SHA256

e2ab27c104c32fea4631de8cb40731288d6c866c134b727475dbe96c78d16bba
SHA512

2f84a70768cea20b6d2c94b92158ec3cf7e7dd90c823153c3b331826c9244a012c0df4f0563e94a79b5313a178864508c59698cd009c1fb20048900892172dfe
SSDEEP

12288:4KQSwV21oiQCuY7oCQ6EQ28HTLdaDTgJD2sy3EW:4Kt00c13AzYDT

Score

10^/10

hawkeye keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  e2ab27c104c32fea4631de8cb40731288d6c866c134b727475dbe96c78d16bba
- Size
  
  616KB
- MD5
  
  39f88bd5f2192b565c5a30d7c2227e24
- SHA1
  
  8166c63bc5260e6458dfc3c5453297310a0e8f0a
- SHA256
  
  e2ab27c104c32fea4631de8cb40731288d6c866c134b727475dbe96c78d16bba
- SHA512
  
  2f84a70768cea20b6d2c94b92158ec3cf7e7dd90c823153c3b331826c9244a012c0df4f0563e94a79b5313a178864508c59698cd009c1fb20048900892172dfe
- SSDEEP
  
  12288:4KQSwV21oiQCuY7oCQ6EQ28HTLdaDTgJD2sy3EW:4Kt00c13AzYDT
Score

10^/10

hawkeye keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerpersistencespywarestealertrojan

behavioral2