Overview

overview

10

Static

static

bbe6daff5ab978...ce.exe

windows7_x64

10

bbe6daff5ab978...ce.exe

windows10-2004_x64

10
General
Target

bbe6daff5ab978a08ada69939a3a27fbdc33dea86aee61bb4e1b8517050305ce

Size

688KB

Sample

220701-gbgt3sgab2

Score
10/10
MD5

fcadf020bf96377aac1e22fb4220d430

SHA1

8d692afad5924e3f7ca924397a09f1df9f70836d

SHA256

bbe6daff5ab978a08ada69939a3a27fbdc33dea86aee61bb4e1b8517050305ce

SHA512

0e787d21ea5519ce3bc47ff227e7a31e87f7a50d53014cb9e034b72c49720f759c2b724fbae1fc3b5253afb3a430181c38e3a1c5fff23fc146a5b2634b17699b

Malware Config

Extracted

Family

hawkeye_reborn
Version

10.0.0.0
Credentials

Protocol: smtp

Host: mail.privateemail.com

Port: 587

Username: sale@friendships-ke.icu

Password: happy2020happy
Attributes
fields
map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false _ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false _DisableRegEdit:false _DisableTaskManager:false _Disablers:false _EmailPassword:happy2020happy _EmailPort:587 _EmailSSL:true _EmailServer:mail.privateemail.com _EmailUsername:sale@friendships-ke.icu _ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 _FakeMessageShow:false _FileBinder:false _HideFile:false _HistoryCleaner:false _Install:false _InstallLocation:0 _InstallStartup:false _InstallStartupPersistance:false _KeyStrokeLogger:true _LogInterval:10 _MeltFile:false _Mutex:e989447a-60c8-4ef1-9f50-8ab347a1a2ba _PasswordStealer:true _ProcessElevation:false _ProcessProtection:false _ScreenshotLogger:true _SystemInfo:false _Version:10.0.0.0 _WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false _WebsiteVisitorVisible:false _ZoneID:false]
name
HawkEye RebornX, Version=10.0.0.0, Culture=neutral, PublicKeyToken=null
Targets
Target

bbe6daff5ab978a08ada69939a3a27fbdc33dea86aee61bb4e1b8517050305ce

MD5

fcadf020bf96377aac1e22fb4220d430

Filesize

688KB

Score
10/10
SHA1

8d692afad5924e3f7ca924397a09f1df9f70836d

SHA256

bbe6daff5ab978a08ada69939a3a27fbdc33dea86aee61bb4e1b8517050305ce

SHA512

0e787d21ea5519ce3bc47ff227e7a31e87f7a50d53014cb9e034b72c49720f759c2b724fbae1fc3b5253afb3a430181c38e3a1c5fff23fc146a5b2634b17699b

Tags

Signatures

  • HawkEye Reborn

    Description

    HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    Tags

  • NirSoft MailPassView

    Description

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Description

    Password recovery tool for various web browsers

  • Nirsoft

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery

  • Uses the VBS compiler for execution

    TTPs

    Scripting

  • Accesses Microsoft Outlook accounts

    Tags

    TTPs

    Email Collection

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
      Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                Privilege Escalation
                  Tasks

                  static1

                  Score
                  N/A

                  behavioral1

                  Score
                  10/10

                  behavioral2

                  Score
                  10/10