General
-
Target
e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d
-
Size
774KB
-
Sample
220201-dx3rwsfhgn
-
MD5
43b11a8f6b50d581ebb29aa3f56171b3
-
SHA1
66e12aaf867a04f8f3aeed579d3280e8505a4c88
-
SHA256
e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d
-
SHA512
7be987394ed0711d7776ff4a85b1b72c60bbf7f4931a36beb8248b69d035e824261a20820f91ac6765905b0e0700d57b144fdd70988aee3381b0df686bd7b709
Static task
static1
Behavioral task
behavioral1
Sample
e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
-
Target
e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d
-
Size
774KB
-
MD5
43b11a8f6b50d581ebb29aa3f56171b3
-
SHA1
66e12aaf867a04f8f3aeed579d3280e8505a4c88
-
SHA256
e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d
-
SHA512
7be987394ed0711d7776ff4a85b1b72c60bbf7f4931a36beb8248b69d035e824261a20820f91ac6765905b0e0700d57b144fdd70988aee3381b0df686bd7b709
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
M00nD3v Logger Payload
Detects M00nD3v Logger payload in memory.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-