hawkeye_reborn | c9ffd4cffc24bc98ed738d63c2c332089b1da8688426ffec8ffdc6042a6cebb7 | Triage

Sharing

General

Target

c9ffd4cffc24bc98ed738d63c2c332089b1da8688426ffec8ffdc6042a6cebb7
Size

556KB
Sample

220314-pkmexsfbg6
MD5

e426879290dcc6f1218a98b8ec99f4b2
SHA1

b7b04374136d5efff82de0d9620c388ce2689fff
SHA256

c9ffd4cffc24bc98ed738d63c2c332089b1da8688426ffec8ffdc6042a6cebb7
SHA512

317748230e623d8ca6c79542b1f9339c4776d7927177a2e3f62634f9bf0d55b3795b841059389d8ed944648a0728e03593020002e1204d553831141fb1828ba5

Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer spyware stealer

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  c9ffd4cffc24bc98ed738d63c2c332089b1da8688426ffec8ffdc6042a6cebb7
- Size
  
  556KB
- MD5
  
  e426879290dcc6f1218a98b8ec99f4b2
- SHA1
  
  b7b04374136d5efff82de0d9620c388ce2689fff
- SHA256
  
  c9ffd4cffc24bc98ed738d63c2c332089b1da8688426ffec8ffdc6042a6cebb7
- SHA512
  
  317748230e623d8ca6c79542b1f9339c4776d7927177a2e3f62634f9bf0d55b3795b841059389d8ed944648a0728e03593020002e1204d553831141fb1828ba5
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

infostealerm00nd3v_loggerhawkeye_reborn

behavioral1

behavioral2