hawkeye_reborn | c9686db7d064daa4032a757698c937f4e781c2201d223448c7b6ad2edff6eb0b | Triage

Submit
Reports

Overview

overview

Static

static

INV001.exe

windows7_x64

INV001.exe

windows10_x64

Sharing

General

Target

INV001.exe
Size

2.0MB
Sample

200312-t9kkebmalj
MD5

c30f96608053c958da9b1174ce71b000
SHA1

ddb1ac016525336bdde4dabbdfc51868da00d652
SHA256

c9686db7d064daa4032a757698c937f4e781c2201d223448c7b6ad2edff6eb0b
SHA512

cb9767853b7972486084c4d25c665910d44b677eab0a13538ed73e0d1e22e4c71bbffa87d02e6206efa6874c3f5460ea623fc41d4074b99908a73e551fa5b617

Score

10^/10

hawkeye_reborn keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

INV001.exe

Resource

win7v200217

keylogger trojan stealer spyware hawkeye_reborn

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

INV001.exe

Resource

win10v200217

keylogger trojan stealer spyware hawkeye_reborn

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  INV001.exe
- Size
  
  2.0MB
- MD5
  
  c30f96608053c958da9b1174ce71b000
- SHA1
  
  ddb1ac016525336bdde4dabbdfc51868da00d652
- SHA256
  
  c9686db7d064daa4032a757698c937f4e781c2201d223448c7b6ad2edff6eb0b
- SHA512
  
  cb9767853b7972486084c4d25c665910d44b677eab0a13538ed73e0d1e22e4c71bbffa87d02e6206efa6874c3f5460ea623fc41d4074b99908a73e551fa5b617
Score

10^/10

keylogger trojan stealer spyware hawkeye_reborn
- HawkEye Reborn
  HawkEye Reborn is an enchanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- Deletes itself
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

keyloggertrojanstealerspywarehawkeye_reborn

behavioral2

keyloggertrojanstealerspywarehawkeye_reborn

© 2018-2024

Terms | Privacy