hawkeye_reborn | 59ef5b795db30415b8b7cd21b186105e70a71f5e21bf1d2224ca5e6b58145e70 | Triage

Sharing

General

Target

59ef5b795db30415b8b7cd21b186105e70a71f5e21bf1d2224ca5e6b58145e70
Size

552KB
Sample

220310-s26rnsgee2
MD5

42972a9a5ab46a5dcc9e72389c069db7
SHA1

53db1c679729bafccbcb35c64ca7f3e04aa7d9d8
SHA256

59ef5b795db30415b8b7cd21b186105e70a71f5e21bf1d2224ca5e6b58145e70
SHA512

26b1ccfe16ec9c25a878573896ee6afffdc150376b18857b3a45e03db67add767b065d6b03806c7692388100b23186d0ca2483f9514daad5a51c9dcce608d025

Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer persistence

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  59ef5b795db30415b8b7cd21b186105e70a71f5e21bf1d2224ca5e6b58145e70
- Size
  
  552KB
- MD5
  
  42972a9a5ab46a5dcc9e72389c069db7
- SHA1
  
  53db1c679729bafccbcb35c64ca7f3e04aa7d9d8
- SHA256
  
  59ef5b795db30415b8b7cd21b186105e70a71f5e21bf1d2224ca5e6b58145e70
- SHA512
  
  26b1ccfe16ec9c25a878573896ee6afffdc150376b18857b3a45e03db67add767b065d6b03806c7692388100b23186d0ca2483f9514daad5a51c9dcce608d025
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

infostealerm00nd3v_loggerhawkeye_reborn

behavioral1

behavioral2