General

  • Target

    PO.exe

  • Size

    799KB

  • Sample

    200428-abnny5zjw2

  • MD5

    ef043796a61db70e27b06e3cfe7209f1

  • SHA1

    c78610ce51f61ebcc647a057def65409de76590a

  • SHA256

    e842dbdc4b41d7516d87ccc21fa365b93c4c94ce5a75dc6f06321f90efa19e29

  • SHA512

    72aab86bf1f1e2c75edfb56ec3fb0bb26766cb762f2408e5ba4e8791194a0b87118187a0f5c72a15285f3e16150a8704f675764750b6feb648b044bcaec31e09

Malware Config

Targets

    • Target

      PO.exe

    • Size

      799KB

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Uses the VBS compiler for execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks