hawkeye_reborn | 0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8 | Triage

Submit
Reports

Overview

overview

Static

static

0bdf5ff379...d8.exe

windows7_x64

0bdf5ff379...d8.exe

windows10-2004_x64

Sharing

General

Target

0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8
Size

836KB
Sample

220530-b62vvahfb7
MD5

e0e9aacd66f1e5dc4561e9bf311b5b5b
SHA1

0b6d6354bffdfb077724ce8adc6845eac21669d0
SHA256

0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8
SHA512

86c2c8808d0a711fc44e0df0abebb1d6aef8e065dc7913c9b5fd084453f2aa6f07083d6b3452803b6bf10c8e7622f1587b216b8b4d169cfb7c4a6abe797d1a20

Score

10^/10

hawkeye_reborn m00nd3v_logger collection infostealer keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8.exe

Resource

win7-20220414-en

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8.exe

Resource

win10v2004-20220414-en

hawkeye_reborn m00nd3v_logger collection infostealer keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8
- Size
  
  836KB
- MD5
  
  e0e9aacd66f1e5dc4561e9bf311b5b5b
- SHA1
  
  0b6d6354bffdfb077724ce8adc6845eac21669d0
- SHA256
  
  0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8
- SHA512
  
  86c2c8808d0a711fc44e0df0abebb1d6aef8e065dc7913c9b5fd084453f2aa6f07083d6b3452803b6bf10c8e7622f1587b216b8b4d169cfb7c4a6abe797d1a20
Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan collection
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger Payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerspywarestealertrojan

behavioral2

hawkeye_rebornm00nd3v_loggercollectioninfostealerkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy