Description
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
678900.pdf.exe
802KB
200526-cdkyw2aqts
109964ff67ad854a737b1cd1902a5424
afcf13c1f3e3d4e19f20e8449302e429e10c5d7c
a5a00f206182c8e732f580b520af49f2b5a33c93676f15e8eadb5d1eba6ed497
501b5bb9825fd116882863688f72f4d1cc03e64d10c8d3706b5870f48415f6b87675e17a4548e3da2e8d820d529ba1ffc806ddd0926fd2ac67b2be46c0b5003a
Family | hawkeye_reborn |
Version | 10.1.0.0 |
Credentials | Protocol: smtp Host: mail.3enaluminyum.com.tr Port: 587 Username: ihgungor@3enaluminyum.com.tr Password: 3eN13579? |
Attributes |
fields map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false _ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false _DisableRegEdit:false _DisableTaskManager:false _Disablers:false _EmailPassword:3eN13579? _EmailPort:587 _EmailSSL:true _EmailServer:mail.3enaluminyum.com.tr _EmailUsername:ihgungor@3enaluminyum.com.tr _ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 _FakeMessageShow:false _FileBinder:false _HideFile:false _HistoryCleaner:false _Install:false _InstallLocation:0 _InstallStartup:false _InstallStartupPersistance:false _KeyStrokeLogger:true _LogInterval:10 _MeltFile:false _Mutex:1278e7d4-dcd9-4a7a-8780-d6f5636aa3de _PasswordStealer:true _ProcessElevation:false _ProcessProtection:false _ScreenshotLogger:false _SystemInfo:false _Version:10.1.0.0 _WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false _WebsiteVisitorVisible:false _ZoneID:false]
name HawkEye Keylogger - RebornX, Version=10.1.0.0, Culture=neutral, PublicKeyToken=null |
678900.pdf.exe
109964ff67ad854a737b1cd1902a5424
802KB
afcf13c1f3e3d4e19f20e8449302e429e10c5d7c
a5a00f206182c8e732f580b520af49f2b5a33c93676f15e8eadb5d1eba6ed497
501b5bb9825fd116882863688f72f4d1cc03e64d10c8d3706b5870f48415f6b87675e17a4548e3da2e8d820d529ba1ffc806ddd0926fd2ac67b2be46c0b5003a
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
Infostealers often target stored browser data, which can include saved credentials etc.
Uses a legitimate IP lookup service to find the infected system's external IP.