hawkeye_reborn | 8f04027c2a95366ba904688bbffa6894496495019bf00848990a892d1275c595

General

Target

8f04027c2a95366ba904688bbffa6894496495019bf00848990a892d1275c595
Size

964KB
Sample

220205-p6yebabgdr
MD5

9cf33a9d11e1a0eddb2481e862487bb2
SHA1

4db6d3e61cd201bf855a1e50300d01496a231de7
SHA256

8f04027c2a95366ba904688bbffa6894496495019bf00848990a892d1275c595
SHA512

14e741a79d2dc7812250d753d3567f3623c2eb20466ac6c370911125ce62b302da3c75331bf4da39f2166ec5a4205185ea08a2e8e47cf732eac90569c75570ec

Score

10^/10

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  8f04027c2a95366ba904688bbffa6894496495019bf00848990a892d1275c595
- Size
  
  964KB
- MD5
  
  9cf33a9d11e1a0eddb2481e862487bb2
- SHA1
  
  4db6d3e61cd201bf855a1e50300d01496a231de7
- SHA256
  
  8f04027c2a95366ba904688bbffa6894496495019bf00848990a892d1275c595
- SHA512
  
  14e741a79d2dc7812250d753d3567f3623c2eb20466ac6c370911125ce62b302da3c75331bf4da39f2166ec5a4205185ea08a2e8e47cf732eac90569c75570ec
Score

10^/10

persistence hawkeye_reborn m00nd3v_logger keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger Payload
  Detects M00nD3v Logger payload in memory.
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

HawkEye Reborn

M00nd3v_Logger

M00nD3v Logger Payload

Executes dropped EXE

Checks computer location settings

Drops startup file

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2