
HawkEye keylogger

Posted: March 23, 2016

Threat Metric

Threat Level: 8/10
Infected PCs: 246
First Seen: March 23, 2016
Last Seen: August 15, 2020
OS(es) Affected: Windows


The HawkEye Keylogger is spyware that may collect information from your PC, including the login data for your accounts. Its authors sell licenses for this program to third parties, who may deploy it in various ways or make minor adjustments to its payload's configuration. Since the HawkEye Keylogger tries to conceal its components and activities from victims, malware analysts encourage using anti-malware products to detect or remove the HawkEye Keylogger from your computer.

More Spyware with Talons Aimed at Your Information

Many of the most telling details about threatening software are available before the threat has ever installed itself on an unprotected PC. Its mode of distribution, any secondary business models, and even its marketing campaigns all deliver clues about the competence, professionalism, and experience of the associated con artists. The HawkEye Keylogger is a 'spyware as a third-party kit' style threat, and its creator, referring to himself as HawkEye Admin, has built a user-friendly marketing campaign for the spyware via YouTube.

The HawkEye Keylogger's author claims that any licenses other threat actors purchase never expire, allowing them to reuse the HawkEye Keylogger for as long as the spyware remains relevant. Current campaigns leveraging the spyware use spam e-mail attachments that include fake DOC files carrying one of two Microsoft Word exploits. Some of the HawkEye Keylogger installers also may use names implying that they're installing Microsoft software.

Malware researchers point out the following as the core features of the HawkEye Keylogger:

  • As per its name, the HawkEye Keylogger performs keylogging: an attack that records all of your keyboard input to a text file, which it later may transfer to a remote server.
  • The HawkEye Keylogger also supports data-collecting features that are specific to various programs, including all widely-used Web browsers, several e-mail clients, and different instant messaging applications.
  • The HawkEye Keylogger targets the Windows Clipboard (which stores information related to cutting, copying and pasting functions), preventing a victim from getting around its keylogger by copy-pasting passwords.
  • Like most modern keyloggers, the HawkEye Keylogger also can take screenshots on command for capturing data that displays visually without passing through other input methods that the HawkEye Keylogger monitors for potential exfiltration.

Redirecting Misappropriated Data Mid-Flight

The work that 'HawkEye Admin' has put into promoting the HawkEye Keylogger strongly implies that this threat is intended to be a long-duration project that will be receiving regular updates. However, what's most unusual about the HawkEye Keylogger is how some additional threat actors are choosing to use it. Its latest campaigns involve a mildly convoluted means of transferring collected information that exploits the previously-hacked e-mail accounts of unrelated third parties. A general rule forwards the collected data, but not any other e-mail traffic, to the con artist's real e-mail account. This step was possibly implemented to protect the con artist's accounts from being traced by malware researchers or other industry experts.
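
A defender's view of the selective forwarding rule described above, as an added example that is not part of the original article: it scores exported mailbox rules that forward only matching mail to an outside address. The rule record layout, field names, domains and the deletion heuristic are assumptions made for this illustration.

```python
# Audit exported mailbox rules for selective forwarding to outside addresses.
# Assumption: this rule record layout is hypothetical; map it from your export.
INTERNAL_DOMAINS = {"example.org"}  # assumption: domains the organization owns
# Constructed sample data, not taken from any real mailbox.
SAMPLE_RULES = [
    {"mailbox": "alice@example.org", "name": "Newsletters", "forward_to": [],
     "conditions": {"from_contains": ["news@vendor.example"]}, "delete_after": False},
    {"mailbox": "bob@example.org", "name": "..", "delete_after": True,
     "conditions": {"subject_contains": ["report"], "has_attachment": True},
     "forward_to": ["collector@mail.example.net"]},
    {"mailbox": "carol@example.org", "name": "Team copy", "conditions": {},
     "forward_to": ["team@example.org"], "delete_after": False},
    {"mailbox": "dave@example.org", "name": "Private copy", "conditions": {},
     "forward_to": ["dave.private@webmail.example"], "delete_after": False},
]

def domain_of(address):
    return address.rsplit("@", 1)[-1].strip().lower()

def external_targets(rule, internal=INTERNAL_DOMAINS):
    """Forwarding targets whose domain the organization does not own."""
    return [a for a in rule.get("forward_to", []) if domain_of(a) not in internal]

def score_rule(rule, internal=INTERNAL_DOMAINS):
    """Return (score, reasons); a higher score means review first."""
    targets = external_targets(rule, internal)
    if not targets:
        return 0, []
    score, reasons = 1, ["forwards to external address: " + ", ".join(targets)]
    if any(rule.get("conditions", {}).values()):
        score += 1  # only matching mail leaves, as in the campaign described above
        reasons.append("selective: only matching mail is forwarded")
    if rule.get("delete_after"):
        score += 1  # extra heuristic added here, not a behaviour the article reports
        reasons.append("forwarded mail is deleted from the mailbox")
    return score, reasons

def audit(rules, internal=INTERNAL_DOMAINS):
    """Return findings as (score, mailbox, rule name, reasons), highest score first."""
    findings = []
    for rule in rules:
        score, reasons = score_rule(rule, internal)
        if score:
            findings.append((score, rule["mailbox"], rule["name"], reasons))
    return sorted(findings, key=lambda f: (-f[0], f[1]))

if __name__ == "__main__":
    for score, mailbox, name, reasons in audit(SAMPLE_RULES):
        print(f"[{score}] {mailbox} rule {name!r}: " + "; ".join(reasons))
```

Rules that forward everything to an outside address still appear, but with a lower score than rules that forward only matching mail.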

Although its secondary users seem to put little faith in the HawkEye Keylogger's internal security, this spyware is fully capable of collecting an enormous range of confidential data. Its attacks encompass most widely-used Web applications and both 32-bit and 64-bit Windows environments. PC users can protect themselves from its current infection vectors by updating all Microsoft Office software and monitoring e-mail communications for potential threats.

Many anti-malware products have reliable rates of detection for this spyware, and should be able to remove the HawkEye Keylogger without trouble. However, dealing with a HawkEye Keylogger after the fact will not restore the privacy of any information already plucked by this digital predator's talons.

Technical Details

File System Modifications


The following files were created in the system:



  • File name: 904b5c28b1c01b2d68db22619bc4f681
    Size: 881.66 KB (881664 bytes)
    MD5: 904b5c28b1c01b2d68db22619bc4f681
    Detection count: 48
    Group: Malware file

  • File name: 59e255e597dc584a20009385367cc85e
    Size: 1.88 MB (1882600 bytes)
    MD5: 59e255e597dc584a20009385367cc85e
    Detection count: 27
    Group: Malware file

  • File name: file.exe
    Size: 828.41 KB (828416 bytes)
    MD5: 6fdfa9d1b40f327bb65ea50f7409fa26
    Detection count: 9
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
