hawkeye_reborn | 8f87d6ce64fc1780d18625d0f73d542382e2d69904e144a6b706ba31bf930480 | Triage

Sharing

General

Target

8f87d6ce64fc1780d18625d0f73d542382e2d69904e144a6b706ba31bf930480
Size

552KB
Sample

220312-kkwldaadg6
MD5

3050015074c493537c0dbfba320ae9ff
SHA1

8974a35570e9984f1cc9c9160cb080d9f62cadae
SHA256

8f87d6ce64fc1780d18625d0f73d542382e2d69904e144a6b706ba31bf930480
SHA512

457de9914b33188774ce1916bef10e20b3de608aab3084155de552b90d41f0ba95bd9127ea827b610991e9ef971f3dd2eecc69cbdc8fce7c99d3a624c32181ac

Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer persistence

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  8f87d6ce64fc1780d18625d0f73d542382e2d69904e144a6b706ba31bf930480
- Size
  
  552KB
- MD5
  
  3050015074c493537c0dbfba320ae9ff
- SHA1
  
  8974a35570e9984f1cc9c9160cb080d9f62cadae
- SHA256
  
  8f87d6ce64fc1780d18625d0f73d542382e2d69904e144a6b706ba31bf930480
- SHA512
  
  457de9914b33188774ce1916bef10e20b3de608aab3084155de552b90d41f0ba95bd9127ea827b610991e9ef971f3dd2eecc69cbdc8fce7c99d3a624c32181ac
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

infostealerm00nd3v_loggerhawkeye_reborn

behavioral1

behavioral2