Overview

overview

10

Static

static

PO HALLEY PROJ...z2.exe

windows7_x64

10

PO HALLEY PROJ...z2.exe

windows10_x64

10
General
Target

PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe

Size

781KB

Sample

200508-9x7fd97kre

Score
10/10
MD5

f31581564b5bbc14d3c862c2be157a52

SHA1

64e62fe3198a16cb205acd31400af967ad3dd347

SHA256

7c0f66eed3a2fc7c90ab5db03483aada693894a77a1480e22521ccf422a08ba3

SHA512

ded28a91894313cbdd5678ec191c1e138d524ce3785ca96a255b2bc09cf5f18b8d287a48cf6b754d658f5ab70d95f933899208dc54c21f6b113a0e87200f3f1a

Malware Config

Extracted

Family

hawkeye_reborn
Version

10.0.0.1
Credentials

Protocol: smtp

Host: mail.eagleeyeapparels.com

Port: 587

Username: faruq@eagleeyeapparels.com

Password: eagle*qaz
Attributes
fields
map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false _ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false _DisableRegEdit:false _DisableTaskManager:false _Disablers:false _EmailPassword:eagle*qaz _EmailPort:587 _EmailSSL:true _EmailServer:mail.eagleeyeapparels.com _EmailUsername:faruq@eagleeyeapparels.com _ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 _FakeMessageShow:false _FileBinder:false _HideFile:false _HistoryCleaner:false _Install:false _InstallLocation:0 _InstallStartup:false _InstallStartupPersistance:false _KeyStrokeLogger:true _LogInterval:10 _MeltFile:false _Mutex:f98d37f4-ca90-4ed7-9f6f-6121c4014605 _PasswordStealer:true _ProcessElevation:false _ProcessProtection:false _ScreenshotLogger:true _SystemInfo:true _Version:10.0.0.1 _WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false _WebsiteVisitorVisible:false _ZoneID:false]
name
HawkEye RebornX, Version=10.0.0.1, Culture=neutral, PublicKeyToken=null
Targets
Target

PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe

MD5

f31581564b5bbc14d3c862c2be157a52

Filesize

781KB

Score
10/10
SHA1

64e62fe3198a16cb205acd31400af967ad3dd347

SHA256

7c0f66eed3a2fc7c90ab5db03483aada693894a77a1480e22521ccf422a08ba3

SHA512

ded28a91894313cbdd5678ec191c1e138d524ce3785ca96a255b2bc09cf5f18b8d287a48cf6b754d658f5ab70d95f933899208dc54c21f6b113a0e87200f3f1a

Tags

Signatures

  • HawkEye Reborn

    Description

    HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    Tags

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

  • Uses the VBS compiler for execution

    TTPs

    Scripting

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
    Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A

                    behavioral1

                    Score
                    10/10

                    behavioral2

                    Score
                    10/10