hawkeye | a708ca27a42f32dca3774e1fdec4ad25d581c84395562b1e4ccac1a3abc48395 | Triage

Sharing

General

Target

30c9a5c6b421f20ed4239c46079b292b
Size

23KB
Sample

231225-vz4weafeh2
MD5

30c9a5c6b421f20ed4239c46079b292b
SHA1

32932869cc47ca50da91de58f406f5ecd343291a
SHA256

a708ca27a42f32dca3774e1fdec4ad25d581c84395562b1e4ccac1a3abc48395
SHA512

d561c47c408086bd8bba0cb7656b4e1e7415252887cdf879b5201c797090f337cfbf5bd0f7f92e7eb0a92b5ba960dea1699e45af3b9f7c94f2556606073bf6c8
SSDEEP

384:/3Eh9xqX7jumYaNb6SxZLIXYQPhMVDrgHa/Dw1IFodlabry/labryJz:MhjgumLNblmOKwk1IOany9anyJz

Score

10^/10

hawkeye keylogger spyware stealer trojan

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://mafube45655731.ngrok.io/web/upload.php

Targets

- Target
  
  30c9a5c6b421f20ed4239c46079b292b
- Size
  
  23KB
- MD5
  
  30c9a5c6b421f20ed4239c46079b292b
- SHA1
  
  32932869cc47ca50da91de58f406f5ecd343291a
- SHA256
  
  a708ca27a42f32dca3774e1fdec4ad25d581c84395562b1e4ccac1a3abc48395
- SHA512
  
  d561c47c408086bd8bba0cb7656b4e1e7415252887cdf879b5201c797090f337cfbf5bd0f7f92e7eb0a92b5ba960dea1699e45af3b9f7c94f2556606073bf6c8
- SSDEEP
  
  384:/3Eh9xqX7jumYaNb6SxZLIXYQPhMVDrgHa/Dw1IFodlabry/labryJz:MhjgumLNblmOKwk1IOany9anyJz
Score

10^/10

hawkeye keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Blocklisted process makes network request
- Drops file in Drivers directory
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerspywarestealertrojan

behavioral2

hawkeyekeyloggerspywarestealertrojan