hawkeye | 7c276e985c448674f7e059056ad46e4f9e64dd02410bffa4ba231556f9b5c2ee | Triage

Sharing

General

Target

diamnd1_20701926235.zip
Size

8KB
Sample

250108-zwmj6stkbx
MD5

82386a87fc34a9ec427bbe41da51f318
SHA1

1a3b0769729c532a33a2d028622d5adcb3eff710
SHA256

7c276e985c448674f7e059056ad46e4f9e64dd02410bffa4ba231556f9b5c2ee
SHA512

ee4690b19556e7db189e6b6aafa4f8eaa4872fb8a821390b24d5c539d16c0eafd644bfad92bed574b0d5c12033138b90be0df50bf585a476f806859f0bb6a71b
SSDEEP

192:/QwhzsXUlkpnEuSDJnWDlQ+UR4bpZG5huJdlur+gwJruT:/ntsEliODtpKXG8d4yPJI

Score

10^/10

hawkeye discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://mafube45655731.ngrok.io/web/upload.php

Targets

- Target
  
  573ef8369339b73b4c7bbd0f12495b665cf23b00530de441cfe85c5098037829
- Size
  
  23KB
- MD5
  
  5beee0f2a1e0a366260a7c5da4f5e05b
- SHA1
  
  2e21a37b420f1922883666aa5477ee6ec6d848cc
- SHA256
  
  573ef8369339b73b4c7bbd0f12495b665cf23b00530de441cfe85c5098037829
- SHA512
  
  4b3c68bb3894ce1a30b33dc3f45a4e6e4bf69d5d938ce8073d0a1a713b76abae96f85d244a6b4d8f4177bf4c7a90637c41eadf290a7eb76dd79cadde94beb61a
- SSDEEP
  
  384:/3Eh9xqX7jumYaNb6SxZLIXYQPhMVDrgHa/Dw1IFodlabry/labryJT:MhjgumLNblmOKwk1IOany9anyJT
Score

10^/10

hawkeye discovery execution keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Hawkeye family
  hawkeye
- Blocklisted process makes network request
- Drops file in Drivers directory
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyediscoveryexecutionkeyloggerspywarestealertrojan

behavioral2

hawkeyediscoveryexecutionkeyloggerspywarestealertrojan