hawkeye_reborn | 729bb1c1ef5a32944905a3a261cc1fcd9d3d3fd811ea78bf13c1db0c8fc79537 | Triage

Sharing

General

Target

Notifikatiounsdokument 031020.exe
Size

1.9MB
Sample

200205-2py68krddx
MD5

d736500558975b57a94cb005746fd41d
SHA1

9cfc3e56480244c8da8ea991cd871d3a626752f4
SHA256

729bb1c1ef5a32944905a3a261cc1fcd9d3d3fd811ea78bf13c1db0c8fc79537
SHA512

5ec4646171951b3d0535a787d5526fc76da0c946c86c07bb2eb584439988a6751b403abd14ca9bf469761b37505e13141fc581513d6c1ae43340aa63f2045930

Score

10^/10

hawkeye_reborn keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  Notifikatiounsdokument 031020.exe
- Size
  
  1.9MB
- MD5
  
  d736500558975b57a94cb005746fd41d
- SHA1
  
  9cfc3e56480244c8da8ea991cd871d3a626752f4
- SHA256
  
  729bb1c1ef5a32944905a3a261cc1fcd9d3d3fd811ea78bf13c1db0c8fc79537
- SHA512
  
  5ec4646171951b3d0535a787d5526fc76da0c946c86c07bb2eb584439988a6751b403abd14ca9bf469761b37505e13141fc581513d6c1ae43340aa63f2045930
Score

10^/10

spyware keylogger trojan stealer hawkeye_reborn
- HawkEye Reborn
  HawkEye Reborn is an enchanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- Uses the VBS compiler for execution
- Reads browser user data or profiles (possible credential harvesting)
  spyware
- Suspicious use of SetThreadContext
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

task1

spywarekeyloggertrojanstealerhawkeye_reborn

task2

keyloggertrojanstealerspywarehawkeye_reborn