hawkeye | 9f1f28be4c21032cba96c553adf0b3b0874020bbc3caf7da31be41df464aa5cf | Triage

Sharing

General

Target

74e5ed5269a7436d2c634d718dd0a36a_JaffaCakes118
Size

169KB
Sample

240726-vb54kateqb
MD5

74e5ed5269a7436d2c634d718dd0a36a
SHA1

9f96d79d44fd3d5e62345bb112c35b5653775379
SHA256

9f1f28be4c21032cba96c553adf0b3b0874020bbc3caf7da31be41df464aa5cf
SHA512

cd2f3ff28b49a0faded600390f03ec61845f943cfb2b1b231e3dbab441107a34bd8a824de2a080e9249c609a653268c4c057f084ba63273cd439e89e9d3e69b0
SSDEEP

3072:FXKqLsn1Qbx8JQiKpZHekPD0qBxc9XOLWEqtaYGnPxENBbealADWCUgC61:F2SbxmQiuH7PD0qBxuXOCiYOPxENBK5D

Score

10^/10

hawkeye discovery keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  74e5ed5269a7436d2c634d718dd0a36a_JaffaCakes118
- Size
  
  169KB
- MD5
  
  74e5ed5269a7436d2c634d718dd0a36a
- SHA1
  
  9f96d79d44fd3d5e62345bb112c35b5653775379
- SHA256
  
  9f1f28be4c21032cba96c553adf0b3b0874020bbc3caf7da31be41df464aa5cf
- SHA512
  
  cd2f3ff28b49a0faded600390f03ec61845f943cfb2b1b231e3dbab441107a34bd8a824de2a080e9249c609a653268c4c057f084ba63273cd439e89e9d3e69b0
- SSDEEP
  
  3072:FXKqLsn1Qbx8JQiKpZHekPD0qBxc9XOLWEqtaYGnPxENBbealADWCUgC61:F2SbxmQiuH7PD0qBxuXOCiYOPxENBK5D
Score

10^/10

hawkeye discovery keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyediscoverykeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyediscoverykeyloggerpersistencespywarestealertrojan