hawkeye | b814ba6f4fb3e960ce4508be9a4409a9f914097de8cf7a6255260987f9f650ab | Triage

Sharing

General

Target

ef962b6dc96472a374447fc8c2e4409c44532d1a446646f3dcd262b95143d0cb.zip
Size

851KB
Sample

241019-nfn8aavgnm
MD5

52de926748352c1cd9a1a816e370d841
SHA1

f75dab617d38368fea7d643c612e37713d2a390a
SHA256

b814ba6f4fb3e960ce4508be9a4409a9f914097de8cf7a6255260987f9f650ab
SHA512

77c2b5ea24586e98cf649f16645a2544f75e8dec54dbafafe7bf5a440ca5c30b362e041cc486d547012358fed95dc934ac24fe444c740e6845f0b1f9703995c5
SSDEEP

24576:5/J78tFTHCKJZ8e7OGaUdvfdSvCATRRQitrBb:5CzHCKJ2e7AuMTRR/N

Score

10^/10

hawkeye discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
Promother2014

Targets

- Target
  
  ef962b6dc96472a374447fc8c2e4409c44532d1a446646f3dcd262b95143d0cb.exe
- Size
  
  1.0MB
- MD5
  
  019a689dcc5128d85718bd043197b311
- SHA1
  
  dfed1ea66306d5f8e5e6ac4d6b91b06e4adfeb0b
- SHA256
  
  ef962b6dc96472a374447fc8c2e4409c44532d1a446646f3dcd262b95143d0cb
- SHA512
  
  6cd55fe3d4c830845317dc9d02783b5616f65f2e10864c52518d75af66f57b02f7d1975bc125cfe916168418a19337960eaa9485622ca8f70da5884b83b09d61
- SSDEEP
  
  24576:4WAq81e5JEJFQWvtYG7KddInBz87zqNI++9rY/2uOM/dnuVtfO:8bevEJOWvt37KddIn5872+9M/2JM/dnh
Score

10^/10

hawkeye discovery keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyediscoverykeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyediscoverykeyloggerpersistencespywarestealertrojan