General

  • Target

    39a4ec5ad4a36ea2d1be630d203942fc63badf94dcdb1384fb8a9e88431c92d9

  • Size

    518KB

  • Sample

    220717-e2g7esggfn

  • MD5

    d8b7335d7669b24ddb9b239953f0d7a7

  • SHA1

    f119bea19f892adc161a0ebb15ffbcc8150cc3c5

  • SHA256

    39a4ec5ad4a36ea2d1be630d203942fc63badf94dcdb1384fb8a9e88431c92d9

  • SHA512

    96c2ef1da4c5c1f55c17cadd46959a0ec8c0d9ddc947ac2c5c85fb9a3910d76436079ce2ed739c4f27f5d54cd8d1776670aeea305061fc43a046c92ebfbe515e

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      39a4ec5ad4a36ea2d1be630d203942fc63badf94dcdb1384fb8a9e88431c92d9

    • Size

      518KB

    • MD5

      d8b7335d7669b24ddb9b239953f0d7a7

    • SHA1

      f119bea19f892adc161a0ebb15ffbcc8150cc3c5

    • SHA256

      39a4ec5ad4a36ea2d1be630d203942fc63badf94dcdb1384fb8a9e88431c92d9

    • SHA512

      96c2ef1da4c5c1f55c17cadd46959a0ec8c0d9ddc947ac2c5c85fb9a3910d76436079ce2ed739c4f27f5d54cd8d1776670aeea305061fc43a046c92ebfbe515e

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks