Overview

overview

10

Static

static

INV1.exe

windows7_x64

10

INV1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INV1.exe

  • Size

    2.4MB

  • Sample

    200301-v8a5me1xjs

  • MD5

    0d4d52901a4cb69ba79e116f0db9de72

  • SHA1

    47c90b1490f7b3523490794951f3fa79a4114c91

  • SHA256

    dec757dc1c2b7722acf90fb43dac3e8e7052fa4c4a3c7c53126d93af5013ab2c

  • SHA512

    9947dcd78c31ef1bfa0cdcf821179426b461d0706b967a50a43bb19e13cd73ccaccb7f6a041a9ce00585a9371984ed7ed0409dfae0041f5d875698210a930f76

Score
10/10
hawkeye_rebornkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      INV1.exe

    • Size

      2.4MB

    • MD5

      0d4d52901a4cb69ba79e116f0db9de72

    • SHA1

      47c90b1490f7b3523490794951f3fa79a4114c91

    • SHA256

      dec757dc1c2b7722acf90fb43dac3e8e7052fa4c4a3c7c53126d93af5013ab2c

    • SHA512

      9947dcd78c31ef1bfa0cdcf821179426b461d0706b967a50a43bb19e13cd73ccaccb7f6a041a9ce00585a9371984ed7ed0409dfae0041f5d875698210a930f76

    Score
    10/10
    keyloggertrojanstealerspywarehawkeye_reborn

    • HawkEye Reborn

      HawkEye Reborn is an enchanced version of the HawkEye malware kit.

      keyloggertrojanstealerspywarehawkeye_reborn

    • Deletes itself

    • Drops startup file

    • Uses the VBS compiler for execution

    • Reads browser user data or profiles (possible credential harvesting)

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks