hawkeye | 4862edfbf96fcb5c48f2b095f5e111d550e5c771d87e0576c6aaaae4095fe550 | Triage

Submit
Reports

Overview

overview

Static

static

9

cd86e9d8e3...18.exe

windows7-x64

cd86e9d8e3...18.exe

windows10-2004-x64

Sharing

General

Target

cd86e9d8e318a3058e58bca4ae0197c6_JaffaCakes118
Size

521KB
Sample

240831-y1p1estblm
MD5

cd86e9d8e318a3058e58bca4ae0197c6
SHA1

7f3f13309f866715df4e834b1e1be30efe7bbae2
SHA256

4862edfbf96fcb5c48f2b095f5e111d550e5c771d87e0576c6aaaae4095fe550
SHA512

af31c2763638fce6584ca3651ff06a8b641cba14d3d2399dc000e94060e8e6a244ee3eb78bdc7ea3758dfae5fe71f2e7766b77cb232c5f3a819d0c5ec7bbd978
SSDEEP

6144:ju2qZeCMbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx93:3CMQtqB5urTIoYWBQk1E+VF9mOx9fi

Score

10^/10

hawkeye discovery keylogger persistence spyware stealer trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

cd86e9d8e318a3058e58bca4ae0197c6_JaffaCakes118.exe

Resource

win7-20240704-en

hawkeye discovery keylogger persistence spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

cd86e9d8e318a3058e58bca4ae0197c6_JaffaCakes118.exe

Resource

win10v2004-20240802-en

hawkeye discovery keylogger persistence spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  cd86e9d8e318a3058e58bca4ae0197c6_JaffaCakes118
- Size
  
  521KB
- MD5
  
  cd86e9d8e318a3058e58bca4ae0197c6
- SHA1
  
  7f3f13309f866715df4e834b1e1be30efe7bbae2
- SHA256
  
  4862edfbf96fcb5c48f2b095f5e111d550e5c771d87e0576c6aaaae4095fe550
- SHA512
  
  af31c2763638fce6584ca3651ff06a8b641cba14d3d2399dc000e94060e8e6a244ee3eb78bdc7ea3758dfae5fe71f2e7766b77cb232c5f3a819d0c5ec7bbd978
- SSDEEP
  
  6144:ju2qZeCMbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx93:3CMQtqB5urTIoYWBQk1E+VF9mOx9fi
Score

10^/10

hawkeye discovery keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyediscoverykeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyediscoverykeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy