hawkeye_reborn | 3c92435ea37038bf93a3b93fd5df4d923006c91b728064eaedcc894b7615e90a | Triage

Submit
Reports

Overview

overview

Static

static

3c92435ea3...0a.exe

windows7_x64

3c92435ea3...0a.exe

windows10-2004_x64

Sharing

General

Target

3c92435ea37038bf93a3b93fd5df4d923006c91b728064eaedcc894b7615e90a
Size

893KB
Sample

220703-htkjcshgbm
MD5

45bcaf1873553f6047d714fcec3362f1
SHA1

e898892a0af8a34d666543f5169dd34d6dbba6e9
SHA256

3c92435ea37038bf93a3b93fd5df4d923006c91b728064eaedcc894b7615e90a
SHA512

e686717f37d87ce87473079969c6cf2f8a608eb68adc8516f18a03fa18e0e4077905deb9cd8b0555c108c387bdd4322fbf1dcc2d79d465f65600eb92bb5fa345

Score

10^/10

hawkeye_reborn m00nd3v_logger collection infostealer keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3c92435ea37038bf93a3b93fd5df4d923006c91b728064eaedcc894b7615e90a.exe

Resource

win7-20220414-en

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3c92435ea37038bf93a3b93fd5df4d923006c91b728064eaedcc894b7615e90a.exe

Resource

win10v2004-20220414-en

hawkeye_reborn m00nd3v_logger collection infostealer keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  3c92435ea37038bf93a3b93fd5df4d923006c91b728064eaedcc894b7615e90a
- Size
  
  893KB
- MD5
  
  45bcaf1873553f6047d714fcec3362f1
- SHA1
  
  e898892a0af8a34d666543f5169dd34d6dbba6e9
- SHA256
  
  3c92435ea37038bf93a3b93fd5df4d923006c91b728064eaedcc894b7615e90a
- SHA512
  
  e686717f37d87ce87473079969c6cf2f8a608eb68adc8516f18a03fa18e0e4077905deb9cd8b0555c108c387bdd4322fbf1dcc2d79d465f65600eb92bb5fa345
Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan collection
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger Payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerspywarestealertrojan

behavioral2

hawkeye_rebornm00nd3v_loggercollectioninfostealerkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy