hawkeye | 5b91585b450a0eebcd9e9cde4313725563e981f837d0b0d26446692520e12f9c | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...cf.exe

windows7-x64

JaffaCakes...cf.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_23bc66b499bfc507fd1e14628d90a2cf
Size

128KB
Sample

250226-ewqavayjv2
MD5

23bc66b499bfc507fd1e14628d90a2cf
SHA1

8a671990a27e718970652c90aeceab5e5fee8fe2
SHA256

5b91585b450a0eebcd9e9cde4313725563e981f837d0b0d26446692520e12f9c
SHA512

029f9c7189dff322cfe4096b0f210a480c1b30167484eefb9daa5578407c16527cb1d63dfdf9dd84ef330984c82cf731f10280aee1e818eb182606f6adaff5f7
SSDEEP

3072:lzPkD2B+Yvw3JjpK2ronSqjf5aX50sPCfOP82nSDvJ:lwSOjMqonHjf5aJdKOP3navJ

Score

10^/10

hawkeye discovery keylogger persistence spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_23bc66b499bfc507fd1e14628d90a2cf.exe

Resource

win7-20240903-en

hawkeye discovery keylogger persistence spyware stealer trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_23bc66b499bfc507fd1e14628d90a2cf.exe

Resource

win10v2004-20250217-en

hawkeye discovery keylogger persistence spyware stealer trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_23bc66b499bfc507fd1e14628d90a2cf
- Size
  
  128KB
- MD5
  
  23bc66b499bfc507fd1e14628d90a2cf
- SHA1
  
  8a671990a27e718970652c90aeceab5e5fee8fe2
- SHA256
  
  5b91585b450a0eebcd9e9cde4313725563e981f837d0b0d26446692520e12f9c
- SHA512
  
  029f9c7189dff322cfe4096b0f210a480c1b30167484eefb9daa5578407c16527cb1d63dfdf9dd84ef330984c82cf731f10280aee1e818eb182606f6adaff5f7
- SSDEEP
  
  3072:lzPkD2B+Yvw3JjpK2ronSqjf5aX50sPCfOP82nSDvJ:lwSOjMqonHjf5aJdKOP3navJ
Score

10^/10

hawkeye discovery keylogger persistence spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Hawkeye family
  hawkeye
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyediscoverykeyloggerpersistencespywarestealertrojanupx

behavioral2

hawkeyediscoverykeyloggerpersistencespywarestealertrojanupx

© 2018-2025

Terms | Privacy