General

  • Target

    51fef8e428e33333c31c9026232baa98efdc3a586c55c808859065a964b56c5d

  • Size

    506KB

  • Sample

    220717-e2jegsfgh9

  • MD5

    87be39d73c04eaaa810c467979464abf

  • SHA1

    2625f55d8f70d14721ea1c17095c3c081fdc40ec

  • SHA256

    51fef8e428e33333c31c9026232baa98efdc3a586c55c808859065a964b56c5d

  • SHA512

    95222db9abb81227ca3a9cab7425261eaf102b0e3703a761aca6907a5598ce16414febadab53d91c72d4c3d1f0a9de183843bca34424ed1cee5fceb37d34013c

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      PAYMENT-PDF.exe

    • Size

      518KB

    • MD5

      d8b7335d7669b24ddb9b239953f0d7a7

    • SHA1

      f119bea19f892adc161a0ebb15ffbcc8150cc3c5

    • SHA256

      39a4ec5ad4a36ea2d1be630d203942fc63badf94dcdb1384fb8a9e88431c92d9

    • SHA512

      96c2ef1da4c5c1f55c17cadd46959a0ec8c0d9ddc947ac2c5c85fb9a3910d76436079ce2ed739c4f27f5d54cd8d1776670aeea305061fc43a046c92ebfbe515e

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks