hawkeye_reborn | 424ad06f0579ad0a151bcc4c4001b688617d943e1e279506e61b1a799fce118d

General

Target

424ad06f0579ad0a151bcc4c4001b688617d943e1e279506e61b1a799fce118d
Size

1.8MB
Sample

220708-dhzfxsggc3
MD5

ba5ff9870d53408e2d8a6b889583a770
SHA1

428cf5a695861a001b5f7f5cbc5750f1e9ed5b45
SHA256

424ad06f0579ad0a151bcc4c4001b688617d943e1e279506e61b1a799fce118d
SHA512

3fc73b3a7d90e2ebe5b87d8d4d05b4457b1483341db062bef718dccc4c80653eb1a264d9c38dfb30bc75d63e997299b766355af7dbe293fe4a8f623b10f690b1

Score

10^/10

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  424ad06f0579ad0a151bcc4c4001b688617d943e1e279506e61b1a799fce118d
- Size
  
  1.8MB
- MD5
  
  ba5ff9870d53408e2d8a6b889583a770
- SHA1
  
  428cf5a695861a001b5f7f5cbc5750f1e9ed5b45
- SHA256
  
  424ad06f0579ad0a151bcc4c4001b688617d943e1e279506e61b1a799fce118d
- SHA512
  
  3fc73b3a7d90e2ebe5b87d8d4d05b4457b1483341db062bef718dccc4c80653eb1a264d9c38dfb30bc75d63e997299b766355af7dbe293fe4a8f623b10f690b1
Score

10^/10

hawkeye_reborn m00nd3v_logger collection infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

HawkEye Reborn

M00nd3v_Logger

M00nD3v Logger payload

NirSoft MailPassView

NirSoft WebBrowserPassView

Nirsoft

Drops startup file

Uses the VBS compiler for execution

Accesses Microsoft Outlook accounts

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2