hawkeye_reborn | 0ec08ef4ed20233f9ea31687e2f8bb35ba3cdfbb8ccd0aeac1060ebcbe9873b7 | Triage

Sharing

General

Target

0ec08ef4ed20233f9ea31687e2f8bb35ba3cdfbb8ccd0aeac1060ebcbe9873b7
Size

552KB
Sample

220222-x335dseabn
MD5

57fee168385ff171170b6582be68c824
SHA1

52993375265f5fc003618e8ef7e644b407a16342
SHA256

0ec08ef4ed20233f9ea31687e2f8bb35ba3cdfbb8ccd0aeac1060ebcbe9873b7
SHA512

311914d06ae105428bc386884c203dd6dd62f25493bdf6d38cc02b993c59d9b4546599d973e2bfa87cb7331d2e7fa24160db786b113df54d95767e3d1bb1d4be

Score

10^/10

hawkeye_reborn m00nd3v_logger persistence spyware stealer

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  0ec08ef4ed20233f9ea31687e2f8bb35ba3cdfbb8ccd0aeac1060ebcbe9873b7
- Size
  
  552KB
- MD5
  
  57fee168385ff171170b6582be68c824
- SHA1
  
  52993375265f5fc003618e8ef7e644b407a16342
- SHA256
  
  0ec08ef4ed20233f9ea31687e2f8bb35ba3cdfbb8ccd0aeac1060ebcbe9873b7
- SHA512
  
  311914d06ae105428bc386884c203dd6dd62f25493bdf6d38cc02b993c59d9b4546599d973e2bfa87cb7331d2e7fa24160db786b113df54d95767e3d1bb1d4be
Score

8^/10

persistence spyware stealer
- Sets file execution options in registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

m00nd3v_loggerhawkeye_reborn

behavioral1

persistencespywarestealer

behavioral2