hawkeye | bf42f4199d400de133a68ed59648cdbaa1a95777e93735ae723ebf027080f572 | Triage

Sharing

General

Target

bf42f4199d400de133a68ed59648cdbaa1a95777e93735ae723ebf027080f572
Size

569KB
Sample

221127-ca3ypsfb5s
MD5

b0f7f0bd69666af96433c0b100f67b17
SHA1

ab015d53a0ce8fc6f37e20cdf5a7c11d7e2ec76c
SHA256

bf42f4199d400de133a68ed59648cdbaa1a95777e93735ae723ebf027080f572
SHA512

d47cb20326ac79d05e60b7becdcc9783f03114923dba0b2c2ea3ad24d2cc6ce3b5de473fc60aa1a107188737cad1c76984921679003af87293647d916f579d7b
SSDEEP

12288:FScfcv7ZcVDtUa2fARjhil2JB8PblP4EccL/MBC7zvnpkx7PmG:FScEv7mxUa22ikJyD5cUkB

Score

10^/10

hawkeye collection keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  bf42f4199d400de133a68ed59648cdbaa1a95777e93735ae723ebf027080f572
- Size
  
  569KB
- MD5
  
  b0f7f0bd69666af96433c0b100f67b17
- SHA1
  
  ab015d53a0ce8fc6f37e20cdf5a7c11d7e2ec76c
- SHA256
  
  bf42f4199d400de133a68ed59648cdbaa1a95777e93735ae723ebf027080f572
- SHA512
  
  d47cb20326ac79d05e60b7becdcc9783f03114923dba0b2c2ea3ad24d2cc6ce3b5de473fc60aa1a107188737cad1c76984921679003af87293647d916f579d7b
- SSDEEP
  
  12288:FScfcv7ZcVDtUa2fARjhil2JB8PblP4EccL/MBC7zvnpkx7PmG:FScEv7mxUa22ikJyD5cUkB
Score

10^/10

hawkeye collection keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyecollectionkeyloggerspywarestealertrojan

behavioral2

hawkeyecollectionkeyloggerspywarestealertrojan