General

  • Target: 439f3a91c4c4386bf875004a5fa65c3f4ce45544419a0401f0a8b40ff4af845b
  • Size: 696KB
  • Sample: 220707-18fstsgbh5
  • MD5: 02b6f972933bcaa6742a73e870d47b22
  • SHA1: 6bf026a686444a6e6baf7739d82f6fe63f13f423
  • SHA256: 439f3a91c4c4386bf875004a5fa65c3f4ce45544419a0401f0a8b40ff4af845b
  • SHA512: d85c20da4c658be1132d9999edb3de52bba6645581780a25b10101ea5ca71c518eae2ba7b656dbdedb63fbe88b069521300b227b69c8b33416f667b3a1faacb3

Malware Config

Extracted

Family

hawkeye_reborn

Targets

    • HawkEye Reborn: HawkEye Reborn is an enhanced version of the HawkEye malware kit.
    • M00nd3v_Logger: M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
    • M00nD3v Logger payload: Detects M00nD3v Logger payload in memory.
    • Drops startup file
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext
