General
Target: b9561f35b2fa188ed20de24bb67956e15858aeb67441fb31cbcfe84e1d4edc9a
Size: 1.2MB
Sample: 220201-eww4dshbe2
MD5: fb2ca93f987313108abdd4a6d687783a
SHA1: 0783b8327a88aff87c627497d4333fd778da59be
SHA256: b9561f35b2fa188ed20de24bb67956e15858aeb67441fb31cbcfe84e1d4edc9a
SHA512: 6fc15ca06da66661c733ed4aeeff40a11791739ab104e607262b55e217658277246cfec7b2dd586bbd58067bf1a67a4fd7e9462ffe5f591fc7a2ee1cfefcab25
Static task: static1
Behavioral task: behavioral1
Sample: b9561f35b2fa188ed20de24bb67956e15858aeb67441fb31cbcfe84e1d4edc9a.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: b9561f35b2fa188ed20de24bb67956e15858aeb67441fb31cbcfe84e1d4edc9a.exe
Resource: win10v2004-en-20220112
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
M00nD3v Logger Payload
Detects M00nD3v Logger payload in memory.
-
NirSoft MailPassView
Password recovery tool for various email clients.
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers.
-
Nirsoft
-
Sets service image path in registry
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-