hawkeye | 805d22047aa58968b27b172380eef58877f5b96177d21c77e3dd16fe891bce0b | Triage

Sharing

General

Target

d6f9fd8a8720a51076be8f7b25278d4b_JaffaCakes118
Size

478KB
Sample

240909-ydmxjsybna
MD5

d6f9fd8a8720a51076be8f7b25278d4b
SHA1

1ca7cce3fad42b219702975306f3d8e6d62cf6e6
SHA256

805d22047aa58968b27b172380eef58877f5b96177d21c77e3dd16fe891bce0b
SHA512

0c973ce58e4aa0645f6b5f193e91e5e356a3956e08f054a08b44b41759bc383c3c60f9c0f5bc3db2225fd9a3097e945fc88e6c1e42c12cc0b31612219a5b69aa
SSDEEP

12288:e9jBgFYsPt4Hp9ujwkSBv7Gz5dbMi8nPgOz6JQrrWM7vFnifpGZ1X3WAr+ybzxw4:erg7t4Hp9ujwkSBv7Gz5dbMi8nPgOz6Q

Score

10^/10

hawkeye discovery evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  d6f9fd8a8720a51076be8f7b25278d4b_JaffaCakes118
- Size
  
  478KB
- MD5
  
  d6f9fd8a8720a51076be8f7b25278d4b
- SHA1
  
  1ca7cce3fad42b219702975306f3d8e6d62cf6e6
- SHA256
  
  805d22047aa58968b27b172380eef58877f5b96177d21c77e3dd16fe891bce0b
- SHA512
  
  0c973ce58e4aa0645f6b5f193e91e5e356a3956e08f054a08b44b41759bc383c3c60f9c0f5bc3db2225fd9a3097e945fc88e6c1e42c12cc0b31612219a5b69aa
- SSDEEP
  
  12288:e9jBgFYsPt4Hp9ujwkSBv7Gz5dbMi8nPgOz6JQrrWM7vFnifpGZ1X3WAr+ybzxw4:erg7t4Hp9ujwkSBv7Gz5dbMi8nPgOz6Q
Score

10^/10

hawkeye discovery evasion keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyediscoveryevasionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyediscoveryevasionkeyloggerpersistencespywarestealertrojan