Overview

overview

10

Static

static

678900.pdf.exe

windows7_x64

10

678900.pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    678900.pdf.exe

  • Size

    802KB

  • Sample

    200526-cdkyw2aqts

  • MD5

    109964ff67ad854a737b1cd1902a5424

  • SHA1

    afcf13c1f3e3d4e19f20e8449302e429e10c5d7c

  • SHA256

    a5a00f206182c8e732f580b520af49f2b5a33c93676f15e8eadb5d1eba6ed497

  • SHA512

    501b5bb9825fd116882863688f72f4d1cc03e64d10c8d3706b5870f48415f6b87675e17a4548e3da2e8d820d529ba1ffc806ddd0926fd2ac67b2be46c0b5003a

Score
10/10
hawkeye_rebornkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

hawkeye_reborn

Version

10.1.0.0

Credentials

  • Protocol:     smtp
  • Host:
    mail.3enaluminyum.com.tr
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    3eN13579?
Mutex

1278e7d4-dcd9-4a7a-8780-d6f5636aa3de

Attributes
  • fields

    map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false _ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false _DisableRegEdit:false _DisableTaskManager:false _Disablers:false _EmailPassword:3eN13579? _EmailPort:587 _EmailSSL:true _EmailServer:mail.3enaluminyum.com.tr _EmailUsername:[email protected] _ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 _FakeMessageShow:false _FileBinder:false _HideFile:false _HistoryCleaner:false _Install:false _InstallLocation:0 _InstallStartup:false _InstallStartupPersistance:false _KeyStrokeLogger:true _LogInterval:10 _MeltFile:false _Mutex:1278e7d4-dcd9-4a7a-8780-d6f5636aa3de _PasswordStealer:true _ProcessElevation:false _ProcessProtection:false _ScreenshotLogger:false _SystemInfo:false _Version:10.1.0.0 _WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false _WebsiteVisitorVisible:false _ZoneID:false]

  • name

    HawkEye Keylogger - RebornX, Version=10.1.0.0, Culture=neutral, PublicKeyToken=null

Targets

    • Target

      678900.pdf.exe

    • Size

      802KB

    • MD5

      109964ff67ad854a737b1cd1902a5424

    • SHA1

      afcf13c1f3e3d4e19f20e8449302e429e10c5d7c

    • SHA256

      a5a00f206182c8e732f580b520af49f2b5a33c93676f15e8eadb5d1eba6ed497

    • SHA512

      501b5bb9825fd116882863688f72f4d1cc03e64d10c8d3706b5870f48415f6b87675e17a4548e3da2e8d820d529ba1ffc806ddd0926fd2ac67b2be46c0b5003a

    Score
    10/10
    spywarekeyloggertrojanstealerhawkeye_reborn

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

      keyloggertrojanstealerspywarehawkeye_reborn

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Uses the VBS compiler for execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks