hawkeye_reborn | dfba8d6508a5b6ff77d41785718e4dfe524b968eed5d8db0676804b06c412756 | Triage

Sharing

General

Target

REVISED PURCHASE ORDER #00146 pdf.exe
Size

1.1MB
Sample

200303-5ptwk47s3x
MD5

f02cce9c5ca0f7d9fa7e5e680f517399
SHA1

8efa6b644c053e37204c3ad1fe2cb55fec3c264b
SHA256

dfba8d6508a5b6ff77d41785718e4dfe524b968eed5d8db0676804b06c412756
SHA512

7e30e3dc6de142f07fd2d205360dbc8c1e142ddce6800ab4212207bc31d849302edb40f97c029257534a03f32248d9b0e4b08015b991a9f8fd5e00e13003bc56

Score

10^/10

hawkeye_reborn keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  REVISED PURCHASE ORDER #00146 pdf.exe
- Size
  
  1.1MB
- MD5
  
  f02cce9c5ca0f7d9fa7e5e680f517399
- SHA1
  
  8efa6b644c053e37204c3ad1fe2cb55fec3c264b
- SHA256
  
  dfba8d6508a5b6ff77d41785718e4dfe524b968eed5d8db0676804b06c412756
- SHA512
  
  7e30e3dc6de142f07fd2d205360dbc8c1e142ddce6800ab4212207bc31d849302edb40f97c029257534a03f32248d9b0e4b08015b991a9f8fd5e00e13003bc56
Score

10^/10

keylogger trojan stealer spyware hawkeye_reborn
- HawkEye Reborn
  HawkEye Reborn is an enchanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- Uses the VBS compiler for execution
- Reads browser user data or profiles (possible credential harvesting)
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

keyloggertrojanstealerspywarehawkeye_reborn

behavioral2

keyloggertrojanstealerspywarehawkeye_reborn