hawkeye_reborn | 5d02ec68475acc04cf84886b20979f34a5432e0faf272bb5bcb79e7d041f5f91 | Triage

Sharing

General

Target

NEW PURCHASE ORDER LISTED ITEMS HQ-61184 - AEM - SG pdf.exe
Size

905KB
Sample

200301-rsjk74491j
MD5

5ef872eb756c58433cc665e5f64ccab7
SHA1

a6f485c33e5e782de687012a0cc64369b1c0ee79
SHA256

5d02ec68475acc04cf84886b20979f34a5432e0faf272bb5bcb79e7d041f5f91
SHA512

2af90214e7d58d8bb56c9d5d4fe950ce7bdaa95568139532e47eae5deabce5cc59a199d6af7b4dfef7a134b7e34e5c992018ad6f26e0764800a31cacf95f7276

Score

10^/10

hawkeye_reborn keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  NEW PURCHASE ORDER LISTED ITEMS HQ-61184 - AEM - SG pdf.exe
- Size
  
  905KB
- MD5
  
  5ef872eb756c58433cc665e5f64ccab7
- SHA1
  
  a6f485c33e5e782de687012a0cc64369b1c0ee79
- SHA256
  
  5d02ec68475acc04cf84886b20979f34a5432e0faf272bb5bcb79e7d041f5f91
- SHA512
  
  2af90214e7d58d8bb56c9d5d4fe950ce7bdaa95568139532e47eae5deabce5cc59a199d6af7b4dfef7a134b7e34e5c992018ad6f26e0764800a31cacf95f7276
Score

10^/10

keylogger trojan stealer spyware hawkeye_reborn
- HawkEye Reborn
  HawkEye Reborn is an enchanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- Uses the VBS compiler for execution
- Reads browser user data or profiles (possible credential harvesting)
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

keyloggertrojanstealerspywarehawkeye_reborn

behavioral2

keyloggertrojanstealerspywarehawkeye_reborn