hawkeye_reborn | 4da820dc5b8b59fa5e8567477768de1cb71bd42969a56b70fa08f56309cbb89d | Triage

Sharing

General

Target

invoice 546787652355666666544333234555.exe
Size

2.1MB
Sample

200410-rk4yq5pkg6
MD5

d7ab129d6d152cc9f84c8e8ab59f3ef4
SHA1

623c490e874aff8e6e6a5813ab87e3faf0be38a3
SHA256

4da820dc5b8b59fa5e8567477768de1cb71bd42969a56b70fa08f56309cbb89d
SHA512

f0fe4e9e792560214208d1d49ece23eb15e2f1d85783ed135bb2502eb495f83eab3083567a40b23a6ace5ac03aef335e69be16db6ec397e9d15f472f2ea57a65

Score

10^/10

hawkeye_reborn keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  invoice 546787652355666666544333234555.exe
- Size
  
  2.1MB
- MD5
  
  d7ab129d6d152cc9f84c8e8ab59f3ef4
- SHA1
  
  623c490e874aff8e6e6a5813ab87e3faf0be38a3
- SHA256
  
  4da820dc5b8b59fa5e8567477768de1cb71bd42969a56b70fa08f56309cbb89d
- SHA512
  
  f0fe4e9e792560214208d1d49ece23eb15e2f1d85783ed135bb2502eb495f83eab3083567a40b23a6ace5ac03aef335e69be16db6ec397e9d15f472f2ea57a65
Score

10^/10

keylogger trojan stealer spyware hawkeye_reborn
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

keyloggertrojanstealerspywarehawkeye_reborn

behavioral2

spywarekeyloggertrojanstealerhawkeye_reborn