hawkeye

General

Target

JaffaCakes118_6e4b96da9037229482d1ea0dd444c090
Size

704KB
Sample

250103-v41pjsvnat
MD5

6e4b96da9037229482d1ea0dd444c090
SHA1

1e637737d86ee9d16bf20d9ec6dd17b38e26bd31
SHA256

f9e10510e6e41ecfde42194fdc2cf7794396685ae4f62f0139b914506e6d440a
SHA512

576d97aa0b0dacd3018fde1baee67ff4e6659f50417abd696194e52e23851a2da963cd7dd30f2adf5bd306797c60abacae032978f31f8764d359167428900425
SSDEEP

12288:koiKWGxmFSMP33skpS766H6HnGQ+2oalkXnYjEmXfMmywFyXzjUa5KhIRXkOqa:fiKS6kpS766HGGR2oaCYpXfH/FMjTASB

Score

10^/10

Malware Config

Targets

- Target
  
  Payment. Slip.........exe
- Size
  
  891KB
- MD5
  
  97b5a0664daa1d56844f28f5c7a7c298
- SHA1
  
  a185680cd60792ef667c3b164a263d392a88b816
- SHA256
  
  d3ce55e58da38a50612d5bc9c2ffcff110e1d591e90fc7475cf952fa9ff1f676
- SHA512
  
  3745e961140b5efe45858cdf5217d82fde55fa666c950d1af5036616f2cc461ffbbde8672d16e1d2f09133c2d4680cbecf5a51ba56daa9c42bedf85465b3dea6
- SSDEEP
  
  12288:tGHwKgGVmFSMjt9cKpy7a6fSp3GYg26anGXHyjEoXfM0y2nyjzBU+Qkw:tewKU6Kpy7a6fgG/26aEybXfD/nuBhQ
Score

10^/10

hawkeye collection discovery keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Hawkeye family
  hawkeye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2