By Deniable | Tuto, Forensics, Radare2 | Ref & Author:

I had never heard of ‘HawkEye Keylogger’ until I read the following blog post from Trustwave.

Actually ‘HawkEye’ is best known in the AV industry as ‘Golroted’. After some research it seems this keylogger has been successfully used in some campaigns in the past and it is still being actively used. I found the amount of features quite interesting and I was curious to have a closer look at the source code.

In fact it seems that ‘HawkEye’ was using a different name before, ‘Predator Keylogger’, as you can see in this post from stopmalvertising. I’m not sure if the author(s) behind them are the same. After a bit of digging I could also find some previous versions of ‘HawkEye’ cracked. The source code might have been shared/sold among some malicious software writers. However, it seemed, at first, that the previous versions were a bit different from the latest ‘Reborn’ version.

‘HawkEye’ didn’t look like an advanced piece of malware and the authors/sellers apparently are doing a sloppy job. The lesson here is that even sloppy malware writers can make a profit without hiding themselves that much.

While searching the web I found a few ‘HawkEye’ technical analyses (see references at the end of this blog post), and while poking around I ended up on the home page of ‘HawkEye’. It is sold for more or less $35, depending on the type of license you are interested in. At the time of this writing the home page is down; it should come up again at some point. During the last month I noticed that it goes down and comes back from time to time. From I was redirected to and… guess what? All their software belongs to us… Maybe due to a misconfiguration (or not) I could download ‘HawkEye Keylogger Reborn’ and some other malicious software that the same author is selling. So I had access to the “potential” builder and not only to the samples that were collected in the wild and mentioned in the technical articles I found.

So I decided to have a look and opened it in CFF Explorer. CFF Explorer is like PEStudio for .NET assemblies, and it tells us that this file is indeed a .NET assembly. No anti-VM techniques were in use, at least none able to detect my VMware based virtual lab.
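The check CFF Explorer performs to call a file a .NET assembly, as an added Python example that is not from the original post: it reads the CLR runtime header entry (data directory 14, IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR) from the PE optional header and also handles native images that have fewer directories. The sample PE headers are constructed inline for offline testing; their RVA and size values are illustrative and do not come from the HawkEye sample.

```python
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR


def is_dotnet_assembly(data: bytes) -> bool:
    """True if the PE has a non-empty CLR runtime header; ValueError if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER (20 bytes)
    size_of_opt, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                            # IMAGE_OPTIONAL_HEADER
    magic, = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        dirs = opt + 96                        # data directories, PE32 layout
    elif magic == PE32PLUS_MAGIC:
        dirs = opt + 112                       # data directories, PE32+ layout
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs, = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    entry = dirs + CLR_DIRECTORY_INDEX * 8
    # A native image may declare fewer directories; that is a plain "no", not an error.
    if num_dirs <= CLR_DIRECTORY_INDEX or entry + 8 > opt + size_of_opt:
        return False
    rva, size = struct.unpack_from("<II", data, entry)
    return rva != 0 and size != 0


def build_sample_pe(with_clr_header: bool) -> bytes:
    """Constructed minimal PE32 header (no sections) used only as test input."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)    # e_lfanew: PE header follows the DOS header
    opt_size = 96 + 16 * 8                     # PE32 fixed fields + 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)        # NumberOfRvaAndSizes
    if with_clr_header:                        # illustrative RVA/size, not real values
        struct.pack_into("<II", opt, 96 + CLR_DIRECTORY_INDEX * 8, 0x2008, 0x48)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for flag in (True, False):
        print("CLR header present:", is_dotnet_assembly(build_sample_pe(flag)))
```

Point `is_dotnet_assembly` at the bytes of a real file to reproduce what CFF Explorer shows in its ".NET Directory" entry; a result of True is what the post reports for the HawkEye sample.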