hawkeye_reborn | 4945a1a4f65271de23a99eaad0b4a08b472b2dcb60a60a5b06f26afad49da181 | Triage

Sharing

General

Target

H.bin
Size

881KB
Sample

200227-yw8wv17zl2
MD5

3fe7d81139bd40361330a07f47bb99e1
SHA1

391bc516fe8e1feae96fb3c7c31bcccec4fa20e6
SHA256

4945a1a4f65271de23a99eaad0b4a08b472b2dcb60a60a5b06f26afad49da181
SHA512

f22e4e2fa6be336cd26fb46f9b7d9cc656670f6c8abf5283e1cd35e718a95a53145937adc70036fc7cf850234c9090b05a190bafd9ae2ad20d9bf8441103f63e

Score

10^/10

hawkeye_reborn keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  H.bin
- Size
  
  881KB
- MD5
  
  3fe7d81139bd40361330a07f47bb99e1
- SHA1
  
  391bc516fe8e1feae96fb3c7c31bcccec4fa20e6
- SHA256
  
  4945a1a4f65271de23a99eaad0b4a08b472b2dcb60a60a5b06f26afad49da181
- SHA512
  
  f22e4e2fa6be336cd26fb46f9b7d9cc656670f6c8abf5283e1cd35e718a95a53145937adc70036fc7cf850234c9090b05a190bafd9ae2ad20d9bf8441103f63e
Score

10^/10

keylogger trojan stealer spyware hawkeye_reborn
- HawkEye Reborn
  HawkEye Reborn is an enchanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- Uses the VBS compiler for execution
- Reads browser user data or profiles (possible credential harvesting)
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

keyloggertrojanstealerspywarehawkeye_reborn

behavioral2

keyloggertrojanstealerspywarehawkeye_reborn