hawkeye | 567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4 | Triage

Sharing

General

Target

1e95e087ddc336bc8cc038866c629537_JaffaCakes118
Size

411KB
Sample

240702-j2bf4atdlb
MD5

1e95e087ddc336bc8cc038866c629537
SHA1

68ff0f62b626aae7f11d5a1d7e2f7906cbe1a606
SHA256

567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4
SHA512

5e999094124243fccb6ed9f4eda9df203e527ca48c6d01126258b16c9f9b2546e6e4bb9a89db6b8e49cab71f3ec8625e42d2f3245603d0e3229df6b766ce0c15
SSDEEP

12288:nPCNpaWbDrPHwfoXjRrPzD1lbMoKGRtq:Pd+8Uj5PnjbMoKD

Score

10^/10

hawkeye keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  1e95e087ddc336bc8cc038866c629537_JaffaCakes118
- Size
  
  411KB
- MD5
  
  1e95e087ddc336bc8cc038866c629537
- SHA1
  
  68ff0f62b626aae7f11d5a1d7e2f7906cbe1a606
- SHA256
  
  567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4
- SHA512
  
  5e999094124243fccb6ed9f4eda9df203e527ca48c6d01126258b16c9f9b2546e6e4bb9a89db6b8e49cab71f3ec8625e42d2f3245603d0e3229df6b766ce0c15
- SSDEEP
  
  12288:nPCNpaWbDrPHwfoXjRrPzD1lbMoKGRtq:Pd+8Uj5PnjbMoKD
Score

10^/10

hawkeye keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyekeyloggerpersistencespywarestealertrojan