hawkeye_reborn | 3b626e057cbbe757e2dc309d6358a2004f89167c9d56bb42e4bb1409f311fcb5 | Triage

Submit
Reports

Overview

overview

Static

static

3b626e057c...b5.exe

windows7_x64

8

3b626e057c...b5.exe

windows10_x64

Sharing

General

Target

3b626e057cbbe757e2dc309d6358a2004f89167c9d56bb42e4bb1409f311fcb5
Size

3.9MB
Sample

210513-57ylfawdbj
MD5

2c0477aa604bb30ad683f2b6aa3ca4cc
SHA1

caf703e8c5d1daf7cbfea0aa50985d306e07495e
SHA256

3b626e057cbbe757e2dc309d6358a2004f89167c9d56bb42e4bb1409f311fcb5
SHA512

6d3988819903274a10630722114510fbd75a993969982df912278b1368bd2b7daf3d42403dd3d735a36d72b044c4505157128c3123a93128cb777a3132da46b9

Score

10^/10

hawkeye_reborn m00nd3v_logger keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3b626e057cbbe757e2dc309d6358a2004f89167c9d56bb42e4bb1409f311fcb5.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3b626e057cbbe757e2dc309d6358a2004f89167c9d56bb42e4bb1409f311fcb5.exe

Resource

win10v20210408

hawkeye_reborn m00nd3v_logger keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  3b626e057cbbe757e2dc309d6358a2004f89167c9d56bb42e4bb1409f311fcb5
- Size
  
  3.9MB
- MD5
  
  2c0477aa604bb30ad683f2b6aa3ca4cc
- SHA1
  
  caf703e8c5d1daf7cbfea0aa50985d306e07495e
- SHA256
  
  3b626e057cbbe757e2dc309d6358a2004f89167c9d56bb42e4bb1409f311fcb5
- SHA512
  
  6d3988819903274a10630722114510fbd75a993969982df912278b1368bd2b7daf3d42403dd3d735a36d72b044c4505157128c3123a93128cb777a3132da46b9
Score

10^/10

persistence hawkeye_reborn m00nd3v_logger keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger Payload
  Detects M00nD3v Logger payload in memory.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

hawkeye_rebornm00nd3v_loggerkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy