hawkeye | bde35d2817ab64fe26bfafc71b8e7c8d47ba08aa23d6ad15a26ff1ff3fbd99b7 | Triage

Submit
Reports

Overview

overview

Static

static

3

b03ef6672d...18.exe

windows7-x64

b03ef6672d...18.exe

windows10-2004-x64

Sharing

General

Target

b03ef6672d4f79c1f4293cf7758b5794_JaffaCakes118
Size

1.7MB
Sample

240820-wjlwbszbpl
MD5

b03ef6672d4f79c1f4293cf7758b5794
SHA1

02278477f16bbc31bea3e103ceb83bd03a19c9e1
SHA256

bde35d2817ab64fe26bfafc71b8e7c8d47ba08aa23d6ad15a26ff1ff3fbd99b7
SHA512

de00feaafde5ac26d280473d11f0638da374bba40f19379cfadfdca045598bdf682f1070d2a781ddfad2bba2848e63ab64308083401cb345147f2f08b68a2253
SSDEEP

24576:r4lVqxn0YdlEnfami+SnU3s72ZYlv47O+W:rOcj3xmi+XhOt

Score

10^/10

hawkeye discovery evasion keylogger ransomware spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b03ef6672d4f79c1f4293cf7758b5794_JaffaCakes118.exe

Resource

win7-20240708-en

hawkeye discovery evasion keylogger spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b03ef6672d4f79c1f4293cf7758b5794_JaffaCakes118.exe

Resource

win10v2004-20240802-en

hawkeye discovery evasion keylogger ransomware spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  b03ef6672d4f79c1f4293cf7758b5794_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  b03ef6672d4f79c1f4293cf7758b5794
- SHA1
  
  02278477f16bbc31bea3e103ceb83bd03a19c9e1
- SHA256
  
  bde35d2817ab64fe26bfafc71b8e7c8d47ba08aa23d6ad15a26ff1ff3fbd99b7
- SHA512
  
  de00feaafde5ac26d280473d11f0638da374bba40f19379cfadfdca045598bdf682f1070d2a781ddfad2bba2848e63ab64308083401cb345147f2f08b68a2253
- SSDEEP
  
  24576:r4lVqxn0YdlEnfami+SnU3s72ZYlv47O+W:rOcj3xmi+XhOt
Score

10^/10

hawkeye discovery evasion keylogger spyware stealer trojan ransomware
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Modifies firewall policy service
  evasion
- Renames multiple (255) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyediscoveryevasionkeyloggerspywarestealertrojan

behavioral2

hawkeyediscoveryevasionkeyloggerransomwarespywarestealertrojan

© 2018-2024

Terms | Privacy