HawkEye Malware: Technical Analysis
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
HawkEye, also known as PredatorPain, is a long-lived keylogger malware that has evolved to include stealer capabilities. Originating before 2010, it gained popularity in 2013 through spearphishing campaigns. The malware is typically delivered via phishing emails or compromised websites, and utilizes a multi-stage infection process involving file dropping, code injection, and persistence mechanisms. HawkEye's functionality includes keylogging, system information gathering, credential theft, wallet theft, screenshot capture, and security software detection. It can exfiltrate data through various methods and has been used by diverse threat actors, from criminal groups to script kiddies. The malware's versatility and ease of use have contributed to its continued prevalence in cybersecurity incidents.
OPENCTI LABELS:
keylogger, stealer, injection, exfiltration, spearphishing, persistence, hawkeye, predatorpain