hawkeye_reborn | 0dabe9e919df479a7dde262aaf05c62c5242166c5fffa9a39603f79cc05684bb | Triage

Submit
Reports

Overview

overview

Static

static

0dabe9e919...bb.exe

windows7_x64

0dabe9e919...bb.exe

windows10-2004_x64

Sharing

General

Target

0dabe9e919df479a7dde262aaf05c62c5242166c5fffa9a39603f79cc05684bb
Size

848KB
Sample

220529-t6f79abhhl
MD5

37e9e02c9e17bd27ed78d1196c7ac0b1
SHA1

0aaa5b234cb68f6008bcc10e0657c6442aea6ff8
SHA256

0dabe9e919df479a7dde262aaf05c62c5242166c5fffa9a39603f79cc05684bb
SHA512

8b1939f55f37e42b3dd71a2eb9261d26e9be237a3feba907c019afcda7e1582caa6626942360427cf83798338723d82d4a198ca22a336e445c76084ed30988ae

Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0dabe9e919df479a7dde262aaf05c62c5242166c5fffa9a39603f79cc05684bb.exe

Resource

win7-20220414-en

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0dabe9e919df479a7dde262aaf05c62c5242166c5fffa9a39603f79cc05684bb.exe

Resource

win10v2004-20220414-en

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  0dabe9e919df479a7dde262aaf05c62c5242166c5fffa9a39603f79cc05684bb
- Size
  
  848KB
- MD5
  
  37e9e02c9e17bd27ed78d1196c7ac0b1
- SHA1
  
  0aaa5b234cb68f6008bcc10e0657c6442aea6ff8
- SHA256
  
  0dabe9e919df479a7dde262aaf05c62c5242166c5fffa9a39603f79cc05684bb
- SHA512
  
  8b1939f55f37e42b3dd71a2eb9261d26e9be237a3feba907c019afcda7e1582caa6626942360427cf83798338723d82d4a198ca22a336e445c76084ed30988ae
Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger Payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerspywarestealertrojan

behavioral2

hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy