hawkeye_reborn | e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d | Triage

Submit
Reports

Overview

overview

Static

static

e30457394a...3d.exe

windows7_x64

e30457394a...3d.exe

windows10-2004_x64

1

Sharing

General

Target

e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d
Size

774KB
Sample

220201-dx3rwsfhgn
MD5

43b11a8f6b50d581ebb29aa3f56171b3
SHA1

66e12aaf867a04f8f3aeed579d3280e8505a4c88
SHA256

e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d
SHA512

7be987394ed0711d7776ff4a85b1b72c60bbf7f4931a36beb8248b69d035e824261a20820f91ac6765905b0e0700d57b144fdd70988aee3381b0df686bd7b709

Score

10^/10

hawkeye_reborn m00nd3v_logger collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d.exe

Resource

win7-en-20211208

hawkeye_reborn m00nd3v_logger collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d
- Size
  
  774KB
- MD5
  
  43b11a8f6b50d581ebb29aa3f56171b3
- SHA1
  
  66e12aaf867a04f8f3aeed579d3280e8505a4c88
- SHA256
  
  e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d
- SHA512
  
  7be987394ed0711d7776ff4a85b1b72c60bbf7f4931a36beb8248b69d035e824261a20820f91ac6765905b0e0700d57b144fdd70988aee3381b0df686bd7b709
Score

10^/10

hawkeye_reborn m00nd3v_logger collection keylogger persistence spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger Payload
  Detects M00nD3v Logger payload in memory.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeye_rebornm00nd3v_loggercollectionkeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy