General
-
Target
0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8
-
Size
836KB
-
Sample
220530-b62vvahfb7
-
MD5
e0e9aacd66f1e5dc4561e9bf311b5b5b
-
SHA1
0b6d6354bffdfb077724ce8adc6845eac21669d0
-
SHA256
0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8
-
SHA512
86c2c8808d0a711fc44e0df0abebb1d6aef8e065dc7913c9b5fd084453f2aa6f07083d6b3452803b6bf10c8e7622f1587b216b8b4d169cfb7c4a6abe797d1a20
Static task
static1
Behavioral task
behavioral1
Sample
0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
-
Target
0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8
-
Size
836KB
-
MD5
e0e9aacd66f1e5dc4561e9bf311b5b5b
-
SHA1
0b6d6354bffdfb077724ce8adc6845eac21669d0
-
SHA256
0bdf5ff3799a0a5838bdd2c56186c22e4fe0a87ee51d3ddfae86907630d889d8
-
SHA512
86c2c8808d0a711fc44e0df0abebb1d6aef8e065dc7913c9b5fd084453f2aa6f07083d6b3452803b6bf10c8e7622f1587b216b8b4d169cfb7c4a6abe797d1a20
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-