General
-
Target
8f04027c2a95366ba904688bbffa6894496495019bf00848990a892d1275c595
-
Size
964KB
-
Sample
220205-p6yebabgdr
-
MD5
9cf33a9d11e1a0eddb2481e862487bb2
-
SHA1
4db6d3e61cd201bf855a1e50300d01496a231de7
-
SHA256
8f04027c2a95366ba904688bbffa6894496495019bf00848990a892d1275c595
-
SHA512
14e741a79d2dc7812250d753d3567f3623c2eb20466ac6c370911125ce62b302da3c75331bf4da39f2166ec5a4205185ea08a2e8e47cf732eac90569c75570ec
Static task
static1
Behavioral task
behavioral1
Sample
8f04027c2a95366ba904688bbffa6894496495019bf00848990a892d1275c595.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
8f04027c2a95366ba904688bbffa6894496495019bf00848990a892d1275c595.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
M00nD3v Logger Payload
Detects M00nD3v Logger payload in memory.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-