Overview

overview

10

Static

static

de35df8ebd60c5...1a.exe

windows7_x64

10

de35df8ebd60c5...1a.exe

windows10-2004_x64

10
General
Target

de35df8ebd60c52c2b4f616fae2a127e7730c09b8a151bf807e0d3498a250c1a

Size

797KB

Sample

220625-lv22ksfeap

Score
10/10
MD5

533f1369142e3a7109c0d7ebbbe8ed59

SHA1

63b583211949474683ec99b278bcfbbfdac1708d

SHA256

de35df8ebd60c52c2b4f616fae2a127e7730c09b8a151bf807e0d3498a250c1a

SHA512

85810fa4cb419929b2c797b624aa762181447e3daf8803fff8ba4bbd756b1ecab79415f90cf012952117d85cfaaa28d51f4d856e28197dc25e3c9e2810cb79f0

Malware Config

Extracted

Family

hawkeye_reborn
Version

10.0.0.1
Credentials

Protocol: smtp

Host: mail.eagleeyeapparels.com

Port: 587

Username: faruq@eagleeyeapparels.com

Password: eagle*qaz
Attributes
fields
map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false _ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false _DisableRegEdit:false _DisableTaskManager:false _Disablers:false _EmailPassword:eagle*qaz _EmailPort:587 _EmailSSL:true _EmailServer:mail.eagleeyeapparels.com _EmailUsername:faruq@eagleeyeapparels.com _ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 _FakeMessageShow:false _FileBinder:false _HideFile:false _HistoryCleaner:false _Install:false _InstallLocation:0 _InstallStartup:false _InstallStartupPersistance:false _KeyStrokeLogger:true _LogInterval:10 _MeltFile:false _Mutex:f98d37f4-ca90-4ed7-9f6f-6121c4014605 _PasswordStealer:true _ProcessElevation:false _ProcessProtection:false _ScreenshotLogger:true _SystemInfo:true _Version:10.0.0.1 _WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false _WebsiteVisitorVisible:false _ZoneID:false]
name
HawkEye RebornX, Version=10.0.0.1, Culture=neutral, PublicKeyToken=null
Targets
Target

de35df8ebd60c52c2b4f616fae2a127e7730c09b8a151bf807e0d3498a250c1a

MD5

533f1369142e3a7109c0d7ebbbe8ed59

Filesize

797KB

Score
10/10
SHA1

63b583211949474683ec99b278bcfbbfdac1708d

SHA256

de35df8ebd60c52c2b4f616fae2a127e7730c09b8a151bf807e0d3498a250c1a

SHA512

85810fa4cb419929b2c797b624aa762181447e3daf8803fff8ba4bbd756b1ecab79415f90cf012952117d85cfaaa28d51f4d856e28197dc25e3c9e2810cb79f0

Tags

Signatures

  • HawkEye Reborn

    Description

    HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    Tags

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          Score
                          N/A

                          behavioral1

                          Score
                          10/10

                          behavioral2

                          Score
                          10/10