hawkeye_reborn | 04dd071c5cb9fb78ad922c1d19ae97bfe32583c210758cb2fa8f91ed2b7fdcbc

General

Target

04dd071c5cb9fb78ad922c1d19ae97bfe32583c210758cb2fa8f91ed2b7fdcbc
Size

817KB
Sample

220527-ygjdjaedbk
MD5

8d914bfb5f45b53628eb5e6956a696d2
SHA1

fb8e636a77c99f508f9193027bc5da24e712dabc
SHA256

04dd071c5cb9fb78ad922c1d19ae97bfe32583c210758cb2fa8f91ed2b7fdcbc
SHA512

0c5e86dc0b39bd57566ee12c85ac7fb0418f5cc2fa1bcf5e39ee23f73368c76111c8688dd312cf16ab35d75ada5c21afee8b1874777a7b04e986f487de182db3

Score

10^/10

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  04dd071c5cb9fb78ad922c1d19ae97bfe32583c210758cb2fa8f91ed2b7fdcbc
- Size
  
  817KB
- MD5
  
  8d914bfb5f45b53628eb5e6956a696d2
- SHA1
  
  fb8e636a77c99f508f9193027bc5da24e712dabc
- SHA256
  
  04dd071c5cb9fb78ad922c1d19ae97bfe32583c210758cb2fa8f91ed2b7fdcbc
- SHA512
  
  0c5e86dc0b39bd57566ee12c85ac7fb0418f5cc2fa1bcf5e39ee23f73368c76111c8688dd312cf16ab35d75ada5c21afee8b1874777a7b04e986f487de182db3
Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger Payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

HawkEye Reborn

M00nd3v_Logger

M00nD3v Logger Payload

Checks computer location settings

Loads dropped DLL

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2