General

  • Target

    384e6e90221ab95f95634da7b74e83cc7f8cff13583b50781a08fe3149273b10

  • Size

    552KB

  • Sample

    220222-dz2mlscad4

  • MD5

    24eca305562ce8bd4f36ac89298175d6

  • SHA1

    52526f5c8d2e21c7e7bd1d914bf1fbf11ed88357

  • SHA256

    384e6e90221ab95f95634da7b74e83cc7f8cff13583b50781a08fe3149273b10

  • SHA512

    dd246df54817d47bd6bdcdaaeae708c9a40f252a350f27932f45c72f8db225baef02bd771835cbf41e4609c78bd4db323eca25e670d3264f335ebe608abe40d7

Malware Config

Extracted

Family

hawkeye_reborn


Targets

    Score
    9/10
    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
