hawkeye_reborn | aa01798101f8b75f82ecd6dbd29d0f0e7eac854a723d3cd2c5c571262b1930ac | Triage

Sharing

General

Target

5e9f9c567f2286a5011027090b1462d5
Size

2.0MB
Sample

200211-avg2e3mhh2
MD5

5e9f9c567f2286a5011027090b1462d5
SHA1

82ea25e7ed15171ebeaf604393a3c08097ca6ed4
SHA256

aa01798101f8b75f82ecd6dbd29d0f0e7eac854a723d3cd2c5c571262b1930ac
SHA512

35528136ca68b2059c459f0de596fad2d553b1a7011000a82a6b51409812dd72e357c5c8ec8ee6ffb6f64c87a5ee34ec8d4448eea260721f109390bc54636f65

Score

10^/10

hawkeye_reborn keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  5e9f9c567f2286a5011027090b1462d5
- Size
  
  2.0MB
- MD5
  
  5e9f9c567f2286a5011027090b1462d5
- SHA1
  
  82ea25e7ed15171ebeaf604393a3c08097ca6ed4
- SHA256
  
  aa01798101f8b75f82ecd6dbd29d0f0e7eac854a723d3cd2c5c571262b1930ac
- SHA512
  
  35528136ca68b2059c459f0de596fad2d553b1a7011000a82a6b51409812dd72e357c5c8ec8ee6ffb6f64c87a5ee34ec8d4448eea260721f109390bc54636f65
Score

10^/10

spyware keylogger trojan stealer hawkeye_reborn
- HawkEye Reborn
  HawkEye Reborn is an enchanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- Drops startup file
- Uses the VBS compiler for execution
- Reads browser user data or profiles (possible credential harvesting)
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywarekeyloggertrojanstealerhawkeye_reborn

behavioral2

keyloggertrojanstealerspywarehawkeye_reborn