hawkeye

General

Target

JaffaCakes118_737185979857843bfb7af2a47d4736e6
Size

2.2MB
Sample

250201-tc1d2ayqc1
MD5

737185979857843bfb7af2a47d4736e6
SHA1

8a1f10e0ed58486b296693ba6923a67d7ef8bcfb
SHA256

10dc0b0c66da1120c8c61113d1be51a6142c07e8336e9aa0d6f8508392932bec
SHA512

cbc2a2361bc0fe8ba195f01b70eeda06d5366250c0147b43020e48627a565d76ebf75af8675b6f3c256f72421e89ebbe72bcabb05e335d07a9095d528a50445b
SSDEEP

49152:KULuIwA0osnnqXnnIHnJRlkAaOogN/7zksUPG6KKV3o9WAizTqn1wAninCoX8zn:K6uIwA0osnnqXnnIHnJT+5gNjxio4AiD

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
nigars232@gmail.com
Password:
sinasaid

Targets

- Target
  
  JaffaCakes118_737185979857843bfb7af2a47d4736e6
- Size
  
  2.2MB
- MD5
  
  737185979857843bfb7af2a47d4736e6
- SHA1
  
  8a1f10e0ed58486b296693ba6923a67d7ef8bcfb
- SHA256
  
  10dc0b0c66da1120c8c61113d1be51a6142c07e8336e9aa0d6f8508392932bec
- SHA512
  
  cbc2a2361bc0fe8ba195f01b70eeda06d5366250c0147b43020e48627a565d76ebf75af8675b6f3c256f72421e89ebbe72bcabb05e335d07a9095d528a50445b
- SSDEEP
  
  49152:KULuIwA0osnnqXnnIHnJRlkAaOogN/7zksUPG6KKV3o9WAizTqn1wAninCoX8zn:K6uIwA0osnnqXnnIHnJT+5gNjxio4AiD
Score

10^/10

hawkeye credential_access discovery keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Hawkeye family
  hawkeye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2