hawkeye_reborn | 3363f122fef4aba07930f568045b2db90a4b07f7b2c3ac47be368019612d762c

General

Target

3363f122fef4aba07930f568045b2db90a4b07f7b2c3ac47be368019612d762c
Size

1.0MB
Sample

220620-c3c8rabgal
MD5

23b8e57858f2edbef4f8414ae44a1772
SHA1

f23a3473e11dc0e0a7cbd26755460d5ee5d393bf
SHA256

3363f122fef4aba07930f568045b2db90a4b07f7b2c3ac47be368019612d762c
SHA512

43a2deb1cdee1f64194e16f6de87465d9b67260147d94aac0d30de1bf328c7b59d71d77fabbc3ea0835aa1019de4c24566a0bd8c29398e50301e5b9c6e01a4e5

Score

10^/10

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  3363f122fef4aba07930f568045b2db90a4b07f7b2c3ac47be368019612d762c
- Size
  
  1.0MB
- MD5
  
  23b8e57858f2edbef4f8414ae44a1772
- SHA1
  
  f23a3473e11dc0e0a7cbd26755460d5ee5d393bf
- SHA256
  
  3363f122fef4aba07930f568045b2db90a4b07f7b2c3ac47be368019612d762c
- SHA512
  
  43a2deb1cdee1f64194e16f6de87465d9b67260147d94aac0d30de1bf328c7b59d71d77fabbc3ea0835aa1019de4c24566a0bd8c29398e50301e5b9c6e01a4e5
Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger persistence spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger Payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

HawkEye Reborn

M00nd3v_Logger

M00nD3v Logger Payload

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2