hawkeye | d2f37defece3c1defea854210132fb3437332919142c4ba9528be44dcea5d380 | Triage

Sharing

General

Target

JaffaCakes118_e26e6ef9660d3da5955c4f99d745040e
Size

37KB
Sample

250211-emmtcswphn
MD5

e26e6ef9660d3da5955c4f99d745040e
SHA1

10c3b8185b030bc50fc7bb88a39e44ec8979b849
SHA256

d2f37defece3c1defea854210132fb3437332919142c4ba9528be44dcea5d380
SHA512

bab038c6583024a5f24e06e1bc3908151b09e1c816f7a5bb0a30d904596b7e713e92017f622ae46962cfef31ca5d708f60e34233553098578990fafe3f60f26a
SSDEEP

768:xuuzmc74DmmRmz0f6lhrqn/R1KV3zvsBB6qcs0p53hFnsiFJzue6rw4:5uDmmRmzXTrC/RwJ+3Ap5RFnsiF56rV

Score

10^/10

hawkeye discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
monsterrtruck

Targets

- Target
  
  JaffaCakes118_e26e6ef9660d3da5955c4f99d745040e
- Size
  
  37KB
- MD5
  
  e26e6ef9660d3da5955c4f99d745040e
- SHA1
  
  10c3b8185b030bc50fc7bb88a39e44ec8979b849
- SHA256
  
  d2f37defece3c1defea854210132fb3437332919142c4ba9528be44dcea5d380
- SHA512
  
  bab038c6583024a5f24e06e1bc3908151b09e1c816f7a5bb0a30d904596b7e713e92017f622ae46962cfef31ca5d708f60e34233553098578990fafe3f60f26a
- SSDEEP
  
  768:xuuzmc74DmmRmz0f6lhrqn/R1KV3zvsBB6qcs0p53hFnsiFJzue6rw4:5uDmmRmzXTrC/RwJ+3Ap5RFnsiF56rV
Score

10^/10

hawkeye keylogger persistence spyware stealer trojan discovery
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Hawkeye family
  hawkeye
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyediscoverykeyloggerpersistencespywarestealertrojan