hawkeye | b1124801e3017dc9d8236952dd5feaf93d3173216727393260b5a3063e0f610e | Triage

Sharing

General

Target

9ef1101c98240db561dd1fc742ff5078_JaffaCakes118
Size

546KB
Sample

240816-szkreswdmp
MD5

9ef1101c98240db561dd1fc742ff5078
SHA1

f9cc6899ccd02acdd5962ff91d5b197e6447e6b2
SHA256

b1124801e3017dc9d8236952dd5feaf93d3173216727393260b5a3063e0f610e
SHA512

4d6617e1b4af5892dda53822a10e1d068cb491bede1ace886a2dbdedd363fa19f7bd4d4c5530b17b8b824ed5c2969dde2ab24aa739811b78532162a6345c4589
SSDEEP

12288:pwB3Y/TEBw+hPUhKB9tL90HDqMO0MJOCtwFMtK3mabSJR:I3Yb2w+J5jQOT0MVAWaOJR

Score

10^/10

hawkeye discovery evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  9ef1101c98240db561dd1fc742ff5078_JaffaCakes118
- Size
  
  546KB
- MD5
  
  9ef1101c98240db561dd1fc742ff5078
- SHA1
  
  f9cc6899ccd02acdd5962ff91d5b197e6447e6b2
- SHA256
  
  b1124801e3017dc9d8236952dd5feaf93d3173216727393260b5a3063e0f610e
- SHA512
  
  4d6617e1b4af5892dda53822a10e1d068cb491bede1ace886a2dbdedd363fa19f7bd4d4c5530b17b8b824ed5c2969dde2ab24aa739811b78532162a6345c4589
- SSDEEP
  
  12288:pwB3Y/TEBw+hPUhKB9tL90HDqMO0MJOCtwFMtK3mabSJR:I3Yb2w+J5jQOT0MVAWaOJR
Score

10^/10

hawkeye discovery evasion keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyediscoveryevasionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyediscoveryevasionkeyloggerpersistencespywarestealertrojan