General

  • Target

    dsFqMLnEkvrogA9.exe

  • Size

    398KB

  • Sample

    200608-mx8tn7seex

  • MD5

    f882b4b6a5a9a47e10244f70d661bd2e

  • SHA1

    b77ef0dc1e64d6b396a2ac6f3a87ff3fd53ca503

  • SHA256

    c0a5e2237ef1901c7a3ee2c15290c8db625a1cb9659e99a86ee474460533aa32

  • SHA512

    a49b9b512d0f9a9afd81eeb7621543e6c5d4820a434f755218b7225a81f657371fe6e70fbe92ecdfcaf41e37c3efb894eb8ae8f38d4e4b14a632a7cc09599c38
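The first thing a responder does with the hash block above is confirm that a file in hand is this sample, and notice when the listed digests disagree with one another (a transcription error in the report, or a file crafted around a weak hash). The script below is an added example, not part of the sandbox report: it computes all four digests in a single pass over the file and compares them with the values listed above. The verdict names and function names are my own choices.

```python
import hashlib
import io
import sys

# Hash IOCs copied from the report above for dsFqMLnEkvrogA9.exe.
REPORT_IOCS = {
    "md5": "f882b4b6a5a9a47e10244f70d661bd2e",
    "sha1": "b77ef0dc1e64d6b396a2ac6f3a87ff3fd53ca503",
    "sha256": "c0a5e2237ef1901c7a3ee2c15290c8db625a1cb9659e99a86ee474460533aa32",
    "sha512": "a49b9b512d0f9a9afd81eeb7621543e6c5d4820a434f755218b7225a81f657371fe6e70fbe92ecdfcaf41e37c3efb894eb8ae8f38d4e4b14a632a7cc09599c38",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream, chunk_size=1 << 20):
    """Compute all four digests in one pass over a binary stream."""
    hashers = {name: getattr(hashlib, name)() for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digest an in-memory buffer (used for tests and carved payloads)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    """Digest a file on disk without loading it whole into memory."""
    with open(path, "rb") as f:
        return digest_stream(f)


def match_iocs(digests, iocs=REPORT_IOCS):
    """Compare computed digests with an IOC set, algorithm by algorithm.

    Verdicts (names are this example's own):
      match        every algorithm listed in the IOC set agrees
      no_match     none agree
      inconsistent some agree and some do not, i.e. a typo in the IOC list
                   or a file deliberately built around a weak hash
      no_ioc       the IOC set lists none of the supported algorithms
    """
    compared = {
        name: digests[name].lower() == iocs[name].lower()
        for name in ALGORITHMS
        if name in iocs
    }
    if not compared:
        verdict = "no_ioc"
    else:
        hits = sum(compared.values())
        if hits == len(compared):
            verdict = "match"
        elif hits == 0:
            verdict = "no_match"
        else:
            verdict = "inconsistent"
    return {"verdict": verdict, "per_algorithm": compared}


if __name__ == "__main__":
    for path in sys.argv[1:]:
        result = match_iocs(digest_file(path))
        print(path, result["verdict"], result["per_algorithm"])
```

Run it as `python check_hashes.py suspect.exe`; a verdict of `inconsistent` deserves attention before the file is treated as either the sample or a false positive.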

Malware Config

Targets

    • Target

      dsFqMLnEkvrogA9.exe

    • Size

      398KB

    • MD5

      f882b4b6a5a9a47e10244f70d661bd2e

    • SHA1

      b77ef0dc1e64d6b396a2ac6f3a87ff3fd53ca503

    • SHA256

      c0a5e2237ef1901c7a3ee2c15290c8db625a1cb9659e99a86ee474460533aa32

    • SHA512

      a49b9b512d0f9a9afd81eeb7621543e6c5d4820a434f755218b7225a81f657371fe6e70fbe92ecdfcaf41e37c3efb894eb8ae8f38d4e4b14a632a7cc09599c38

    • HawkEye Reborn

      HawkEye Reborn is the updated, rebranded release of the HawkEye keylogger and credential-stealing kit, sold to other operators as a malware-as-a-service product.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data such as saved credentials, cookies, session tokens and autofill entries.

    • Uses the VBS compiler for execution

      Despite the name, this refers to vbc.exe, the Visual Basic .NET command-line compiler shipped with the .NET Framework, not the VBScript engine. A sample that runs through it is using a Microsoft-signed binary as the host for its own code.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. The request itself is ordinary traffic; the indicator is which process makes it.

    • Suspicious use of SetThreadContext

      SetThreadContext on the main thread of a newly created, suspended process is the primitive behind process hollowing: the loader writes its payload into the child and redirects the thread's entry point before resuming it. Together with the vbc.exe indicator above, this is the behaviour a hunter should look for in process-creation and process-access telemetry.
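The two behaviours that stand out for detection are vbc.exe being launched by something other than developer tooling, and the resulting process (or its parent) resolving a public IP-lookup service. The following is an added example, not part of the sandbox report, of correlating those two signals over process-creation and DNS events. The event records are constructed for the example with Sysmon-style field names (EventID 1 for process creation, EventID 22 for DNS queries); the list of IP-lookup domains and the allowlist of expected vbc.exe parents are assumptions to be tuned against your own telemetry, and the process tree shown is illustrative rather than taken from the report.

```python
from collections import defaultdict

# Assumed: public IP-lookup services. The report only says "a legitimate IP
# lookup service", so treat this as a starting list, not the sample's endpoint.
IP_LOOKUP_DOMAINS = {
    "checkip.dyndns.org",
    "checkip.amazonaws.com",
    "api.ipify.org",
    "whatismyipaddress.com",
    "ip-api.com",
}

# Assumed: parents for which starting vbc.exe is expected developer activity.
EXPECTED_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}


def basename(path):
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_suspicious_vbc_spawns(events):
    """Process-creation events where vbc.exe is started by a parent that is not
    developer tooling. Returns {child_guid: parent_guid}."""
    spawns = {}
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        if basename(ev["Image"]) != "vbc.exe":
            continue
        if basename(ev["ParentImage"]) in EXPECTED_VBC_PARENTS:
            continue
        spawns[ev["ProcessGuid"]] = ev["ParentProcessGuid"]
    return spawns


def find_ip_lookups(events):
    """DNS events resolving a known IP-lookup service, grouped by process."""
    lookups = defaultdict(set)
    for ev in events:
        if ev.get("EventID") != 22:
            continue
        name = ev.get("QueryName", "").lower()
        if name in IP_LOOKUP_DOMAINS:
            lookups[ev["ProcessGuid"]].add(name)
    return lookups


def correlate(events):
    """A finding is a non-developer parent that spawned vbc.exe where either the
    parent or that vbc.exe child then resolved an IP-lookup service. Either
    signal alone is noisy; the pair is what matches this sample's behaviour."""
    spawns = find_suspicious_vbc_spawns(events)
    lookups = find_ip_lookups(events)
    findings = []
    for child, parent in spawns.items():
        domains = lookups.get(child, set()) | lookups.get(parent, set())
        if domains:
            findings.append(
                {"parent": parent, "vbc_child": child, "domains": sorted(domains)}
            )
    return findings


# Constructed events for the example (Sysmon-style field names, assumed values).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{P1}", "ParentProcessGuid": "{P0}",
     "Image": r"C:\Users\victim\AppData\Local\Temp\dsFqMLnEkvrogA9.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessGuid": "{P2}", "ParentProcessGuid": "{P1}",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Users\victim\AppData\Local\Temp\dsFqMLnEkvrogA9.exe"},
    {"EventID": 22, "ProcessGuid": "{P2}", "QueryName": "checkip.dyndns.org"},
    # Benign: MSBuild compiling a VB.NET project.
    {"EventID": 1, "ProcessGuid": "{P4}", "ParentProcessGuid": "{P3}",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe"},
    # Benign: a browser resolving an IP-lookup site with no vbc.exe involved.
    {"EventID": 22, "ProcessGuid": "{P5}", "QueryName": "api.ipify.org"},
]

if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
```

Only the first process tree is reported: the MSBuild-launched vbc.exe is allowlisted by parent, and the browser's lookup has no vbc.exe spawn to pair with. In production the same join would run over the SIEM's process and DNS tables keyed on the process GUID.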

MITRE ATT&CK Enterprise v6

Tasks