hawkeye

General

Target

ff36ed82db4fa8dad1e6a436b119761a_JaffaCakes118
Size

669KB
Sample

240929-x4h6ls1cpb
MD5

ff36ed82db4fa8dad1e6a436b119761a
SHA1

e1b241721d7f795d0523aab01a49bba0afc7fd18
SHA256

cfdc1975246238cb2a1fa83d4e6e8ee4383d53fa8b4ed816f7efd2302cba8e26
SHA512

49eb187d3a07fcb38ab77d6105fade7fc6a37888fe9b96a930212da269aa82c61d6e32e08de69b51ef8fe580e11156f55c9909bee6db6824cbd4e379f5710cd6
SSDEEP

12288:KT3OX1MJk11fWa/rx9eK26gt5BK9VrOnTVvwaoL/Qf2x:KjOCkScx96ZfK9VSnTVo/82

Score

10^/10

Malware Config

Targets

- Target
  
  ff36ed82db4fa8dad1e6a436b119761a_JaffaCakes118
- Size
  
  669KB
- MD5
  
  ff36ed82db4fa8dad1e6a436b119761a
- SHA1
  
  e1b241721d7f795d0523aab01a49bba0afc7fd18
- SHA256
  
  cfdc1975246238cb2a1fa83d4e6e8ee4383d53fa8b4ed816f7efd2302cba8e26
- SHA512
  
  49eb187d3a07fcb38ab77d6105fade7fc6a37888fe9b96a930212da269aa82c61d6e32e08de69b51ef8fe580e11156f55c9909bee6db6824cbd4e379f5710cd6
- SSDEEP
  
  12288:KT3OX1MJk11fWa/rx9eK26gt5BK9VrOnTVvwaoL/Qf2x:KjOCkScx96ZfK9VSnTVo/82
Score

10^/10

hawkeye collection discovery keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2