Overview

overview

10

Static

static

payment ad...df.exe

windows7_x64

10

payment ad...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    payment advise.pdf.exe

  • Size

    782KB

  • Sample

    200526-nb9nxvc6r6

  • MD5

    59cf7c2408af41d05163a6180244cd6f

  • SHA1

    152b19b94444a67b790f0e249a05ab3e4449d3d8

  • SHA256

    a0e92f094e8bc8945550860f46aa822ce8f31506ea643e1b04c33fabf4fe9413

  • SHA512

    b121a628e8f23071de102afc85dae44a50b1ca9a9c5163a7175fd45b1e10a4d1dce6bf00f372f94c2972b5698462ad1c7843d9e25c85a0c56bbd7389bbc6c06a

Score
10/10
hawkeye_rebornkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

hawkeye_reborn

Version

10.1.0.0

Credentials

  • Protocol:     smtp
  • Host:
    mail.3enaluminyum.com.tr
  • Port:
    587
  • Username:
    ihgungor@3enaluminyum.com.tr
  • Password:
    3eN13579?
Mutex

1278e7d4-dcd9-4a7a-8780-d6f5636aa3de

Attributes
  • fields

    map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false _ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false _DisableRegEdit:false _DisableTaskManager:false _Disablers:false _EmailPassword:3eN13579? _EmailPort:587 _EmailSSL:true _EmailServer:mail.3enaluminyum.com.tr _EmailUsername:ihgungor@3enaluminyum.com.tr _ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 _FakeMessageShow:false _FileBinder:false _HideFile:false _HistoryCleaner:false _Install:false _InstallLocation:0 _InstallStartup:false _InstallStartupPersistance:false _KeyStrokeLogger:true _LogInterval:10 _MeltFile:false _Mutex:1278e7d4-dcd9-4a7a-8780-d6f5636aa3de _PasswordStealer:true _ProcessElevation:false _ProcessProtection:false _ScreenshotLogger:false _SystemInfo:false _Version:10.1.0.0 _WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false _WebsiteVisitorVisible:false _ZoneID:false]

  • name

    HawkEye Keylogger - RebornX, Version=10.1.0.0, Culture=neutral, PublicKeyToken=null

Targets

    • Target

      payment advise.pdf.exe

    • Size

      782KB

    • MD5

      59cf7c2408af41d05163a6180244cd6f

    • SHA1

      152b19b94444a67b790f0e249a05ab3e4449d3d8

    • SHA256

      a0e92f094e8bc8945550860f46aa822ce8f31506ea643e1b04c33fabf4fe9413

    • SHA512

      b121a628e8f23071de102afc85dae44a50b1ca9a9c5163a7175fd45b1e10a4d1dce6bf00f372f94c2972b5698462ad1c7843d9e25c85a0c56bbd7389bbc6c06a

    Score
    10/10
    keyloggertrojanstealerspywarehawkeye_reborn

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

      keyloggertrojanstealerspywarehawkeye_reborn

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Uses the VBS compiler for execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.