General
-
Target
3b626e057cbbe757e2dc309d6358a2004f89167c9d56bb42e4bb1409f311fcb5
-
Size
3.9MB
-
Sample
210513-57ylfawdbj
-
MD5
2c0477aa604bb30ad683f2b6aa3ca4cc
-
SHA1
caf703e8c5d1daf7cbfea0aa50985d306e07495e
-
SHA256
3b626e057cbbe757e2dc309d6358a2004f89167c9d56bb42e4bb1409f311fcb5
-
SHA512
6d3988819903274a10630722114510fbd75a993969982df912278b1368bd2b7daf3d42403dd3d735a36d72b044c4505157128c3123a93128cb777a3132da46b9
Static task
static1
Behavioral task
behavioral1
Sample
3b626e057cbbe757e2dc309d6358a2004f89167c9d56bb42e4bb1409f311fcb5.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
3b626e057cbbe757e2dc309d6358a2004f89167c9d56bb42e4bb1409f311fcb5.exe
Resource
win10v20210408
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
M00nD3v Logger Payload
Detects M00nD3v Logger payload in memory.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext