General

  • Target

    00eb48e443448ac6917516a168fd3f98e8a04bd09115130f248f6fe672b260b7

  • Size

    552KB

  • Sample

    220223-bwz89shfej

  • MD5

    d76cb6621435ae9a51e621c5d4ad25ff

  • SHA1

    9a28744b6b132c8b7a6e7ff329cf9d422fac5644

  • SHA256

    00eb48e443448ac6917516a168fd3f98e8a04bd09115130f248f6fe672b260b7

  • SHA512

    b9c4fc33a93a36af1bf5a4d76983234e589af2a9515b885797cdf99d8cdfe5d870b06268f4c30de9ba40695a6f6ef4f9db9c16e95d4af2811c18a750d70b5537

Malware Config

Extracted

Family

hawkeye_reborn

Targets

    • Target

      00eb48e443448ac6917516a168fd3f98e8a04bd09115130f248f6fe672b260b7

    Score
    9/10
    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
