hawkeye_reborn | 8fd4b32e8bc096e4f4c34ba302295caa4accd453edff3e4a153397710fbc4a94 | Triage

Submit
Reports

Overview

overview

Static

static

8fd4b32e8b...94.exe

windows7_x64

8fd4b32e8b...94.exe

windows10_x64

Sharing

General

Target

8fd4b32e8bc096e4f4c34ba302295caa4accd453edff3e4a153397710fbc4a94
Size

773KB
Sample

210907-gwjt6sfcbl
MD5

0e569851a5caffd0924437714db46abe
SHA1

32fe45fbef9753d08978ad11a0001b29f032ba34
SHA256

8fd4b32e8bc096e4f4c34ba302295caa4accd453edff3e4a153397710fbc4a94
SHA512

0229b9515e0bd71d7c4b2e5bc6a30dba5b69ba761bf20a1c4a32d112d563e758284b74ff067e0815dd8207dadd40d60292ad0d7998aa501017944949e32ae7a0

Score

10^/10

hawkeye_reborn m00nd3v_logger agilenet keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

8fd4b32e8bc096e4f4c34ba302295caa4accd453edff3e4a153397710fbc4a94.exe

Resource

win7-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8fd4b32e8bc096e4f4c34ba302295caa4accd453edff3e4a153397710fbc4a94.exe

Resource

win10-en

hawkeye_reborn m00nd3v_logger agilenet keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.zoho.com
Port:
587
Username:
zhuresult2018@zoho.com
Password:
OGOM12345

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  8fd4b32e8bc096e4f4c34ba302295caa4accd453edff3e4a153397710fbc4a94
- Size
  
  773KB
- MD5
  
  0e569851a5caffd0924437714db46abe
- SHA1
  
  32fe45fbef9753d08978ad11a0001b29f032ba34
- SHA256
  
  8fd4b32e8bc096e4f4c34ba302295caa4accd453edff3e4a153397710fbc4a94
- SHA512
  
  0229b9515e0bd71d7c4b2e5bc6a30dba5b69ba761bf20a1c4a32d112d563e758284b74ff067e0815dd8207dadd40d60292ad0d7998aa501017944949e32ae7a0
Score

10^/10

hawkeye_reborn m00nd3v_logger agilenet keylogger persistence spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger Payload
  Detects M00nD3v Logger payload in memory.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

hawkeye_rebornm00nd3v_loggeragilenetkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy