HawkEye Malware: Technical Analysis
Nov. 14, 2024, 8:59 a.m.
Description
HawkEye, also known as PredatorPain, is a long-lived keylogger malware that has evolved to include stealer capabilities. Originating before 2010, it gained popularity in 2013 through spearphishing campaigns. The malware is typically delivered via phishing emails or compromised websites, and utilizes a multi-stage infection process involving file dropping, code injection, and persistence mechanisms. HawkEye's functionality includes keylogging, system information gathering, credential theft, wallet theft, screenshot capture, and security software detection. It can exfiltrate data through various methods and has been used by diverse threat actors, from criminal groups to script kiddies. The malware's versatility and ease of use have contributed to its continued prevalence in cybersecurity incidents.
Date
Published: Nov. 13, 2024, 6:34 p.m.
Created: Nov. 13, 2024, 6:34 p.m.
Modified: Nov. 14, 2024, 8:59 a.m.
Indicators
Attack Patterns
PredatorPain
HawkEye