Static task
static1
Behavioral task
behavioral1
Sample
8b029659245e11cc52fe29bcf44890eba51e51ab512761ceebc0aba40588b014.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
8b029659245e11cc52fe29bcf44890eba51e51ab512761ceebc0aba40588b014.exe
Resource
win10v2004-en-20220113
General
-
Target
8b029659245e11cc52fe29bcf44890eba51e51ab512761ceebc0aba40588b014
-
Size
631KB
-
MD5
9b8383f155de4811e64285bb28f417dc
-
SHA1
15fae937f83e1251c0483818e75e4c609cad91cf
-
SHA256
8b029659245e11cc52fe29bcf44890eba51e51ab512761ceebc0aba40588b014
-
SHA512
699d08d52af4243c4cad7149188e52d0440c7a788e4d93ff7ad1705fc951866029a928f3b55db149f7c83fbe7b9f1abed5872aabde4dadbaeb180400878d5b15
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Signatures
-
Hawkeye_reborn family
-
Processes:
resource yara_rule sample m00nd3v_logger -
M00nd3v_logger family
-
Nirsoft 1 IoCs
Processes:
resource yara_rule sample Nirsoft -
NirSoft MailPassView 1 IoCs
Password recovery tool for various email clients
Processes:
resource yara_rule sample MailPassView -
NirSoft WebBrowserPassView 1 IoCs
Password recovery tool for various web browsers
Processes:
resource yara_rule sample WebBrowserPassView
Files
-
8b029659245e11cc52fe29bcf44890eba51e51ab512761ceebc0aba40588b014.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 627KB - Virtual size: 626KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ