hawkeye_reborn | 4d007811655340ed12bfa9afb9a1c38ec591117805c24787df8ce7e2f9bdb749 | Triage

Submit
Reports

Overview

overview

Static

static

4d00781165...49.exe

windows7_x64

4d00781165...49.exe

windows10_x64

1

Sharing

General

Target

4d007811655340ed12bfa9afb9a1c38ec591117805c24787df8ce7e2f9bdb749
Size

836KB
Sample

200805-jmr8bjghpn
MD5

381281e1f4b2ae7bf7c346298479e065
SHA1

626ce0e61c34e0a0144f5238235b7913b3694c57
SHA256

4d007811655340ed12bfa9afb9a1c38ec591117805c24787df8ce7e2f9bdb749
SHA512

1bdcdd0eaa9f5b869beeb1e027f24aac427e227e4e7d50834167e53d9ee8bbcb54c64500bfad9d8d9a0e9dcb20b752708b92fb0e46c434e72c07febbc9c20bb7

Score

10^/10

hawkeye_reborn m00nd3v_logger keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

4d007811655340ed12bfa9afb9a1c38ec591117805c24787df8ce7e2f9bdb749.exe

Resource

win7

spyware stealer m00nd3v_logger keylogger trojan hawkeye_reborn

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4d007811655340ed12bfa9afb9a1c38ec591117805c24787df8ce7e2f9bdb749.exe

Resource

win10v200722

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  4d007811655340ed12bfa9afb9a1c38ec591117805c24787df8ce7e2f9bdb749
- Size
  
  836KB
- MD5
  
  381281e1f4b2ae7bf7c346298479e065
- SHA1
  
  626ce0e61c34e0a0144f5238235b7913b3694c57
- SHA256
  
  4d007811655340ed12bfa9afb9a1c38ec591117805c24787df8ce7e2f9bdb749
- SHA512
  
  1bdcdd0eaa9f5b869beeb1e027f24aac427e227e4e7d50834167e53d9ee8bbcb54c64500bfad9d8d9a0e9dcb20b752708b92fb0e46c434e72c07febbc9c20bb7
Score

10^/10

spyware stealer m00nd3v_logger keylogger trojan hawkeye_reborn
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger Payload
  Detects M00nD3v Logger payload in memory.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarestealerm00nd3v_loggerkeyloggertrojanhawkeye_reborn

behavioral2

© 2018-2024

Terms | Privacy