hawkeye_reborn | 01e860205ff9560835c99bc8beec706f1e1249c19bb3f756dcaf6a50170ac369

General

Target

01e860205ff9560835c99bc8beec706f1e1249c19bb3f756dcaf6a50170ac369
Size

792KB
Sample

220523-vzaybsbhhn
MD5

1c23a2547d7d92cb5497f1d20df3b064
SHA1

d1a94b7602755c4be21026ee363bc6c4b7468dfd
SHA256

01e860205ff9560835c99bc8beec706f1e1249c19bb3f756dcaf6a50170ac369
SHA512

4273ef0fc3c1d73a3154a655bff8669d9871d43430689be53437cabd3117b2e39bc7739ce26ff262a989f4de344a858ff54bcdeb9aae555ae89df495805b5116

Score

10^/10

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  01e860205ff9560835c99bc8beec706f1e1249c19bb3f756dcaf6a50170ac369
- Size
  
  792KB
- MD5
  
  1c23a2547d7d92cb5497f1d20df3b064
- SHA1
  
  d1a94b7602755c4be21026ee363bc6c4b7468dfd
- SHA256
  
  01e860205ff9560835c99bc8beec706f1e1249c19bb3f756dcaf6a50170ac369
- SHA512
  
  4273ef0fc3c1d73a3154a655bff8669d9871d43430689be53437cabd3117b2e39bc7739ce26ff262a989f4de344a858ff54bcdeb9aae555ae89df495805b5116
Score

10^/10

hawkeye_reborn m00nd3v_logger collection infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger Payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

HawkEye Reborn

M00nd3v_Logger

M00nD3v Logger Payload

NirSoft MailPassView

NirSoft WebBrowserPassView

Nirsoft

Uses the VBS compiler for execution

Accesses Microsoft Outlook accounts

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2