General
-
Target
4d007811655340ed12bfa9afb9a1c38ec591117805c24787df8ce7e2f9bdb749
-
Size
836KB
-
Sample
200805-jmr8bjghpn
-
MD5
381281e1f4b2ae7bf7c346298479e065
-
SHA1
626ce0e61c34e0a0144f5238235b7913b3694c57
-
SHA256
4d007811655340ed12bfa9afb9a1c38ec591117805c24787df8ce7e2f9bdb749
-
SHA512
1bdcdd0eaa9f5b869beeb1e027f24aac427e227e4e7d50834167e53d9ee8bbcb54c64500bfad9d8d9a0e9dcb20b752708b92fb0e46c434e72c07febbc9c20bb7
Static task
static1
Behavioral task
behavioral1
Sample
4d007811655340ed12bfa9afb9a1c38ec591117805c24787df8ce7e2f9bdb749.exe
Resource
win7
Behavioral task
behavioral2
Sample
4d007811655340ed12bfa9afb9a1c38ec591117805c24787df8ce7e2f9bdb749.exe
Resource
win10v200722
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
-
Target
4d007811655340ed12bfa9afb9a1c38ec591117805c24787df8ce7e2f9bdb749
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
M00nD3v Logger Payload
Detects M00nD3v Logger payload in memory.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-