hawkeye_reborn | f298bfeead320b32fecc3e5e17b2e5e18c333637ed04a8df4008aad859d89dfd | Triage

Submit
Reports

Overview

overview

Static

static

f298bfeead...fd.exe

windows7-x64

f298bfeead...fd.exe

windows10-2004-x64

Sharing

General

Target

f298bfeead320b32fecc3e5e17b2e5e18c333637ed04a8df4008aad859d89dfd
Size

1.3MB
Sample

220725-em2mhseban
MD5

c33b87f51e555f1e5317293e4a34049e
SHA1

7ad16a1923c1f0298dee9bd997dbec09087938ed
SHA256

f298bfeead320b32fecc3e5e17b2e5e18c333637ed04a8df4008aad859d89dfd
SHA512

aed563dd5f20ba822497ba2e5cb92b15509b66971a2dc01805c0a1e2b4d3c4590766891f2080bc3a11b96fd5d41204d29795534114d5591ab040082013226409

Score

10^/10

hawkeye_reborn m00nd3v_logger agilenet infostealer keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f298bfeead320b32fecc3e5e17b2e5e18c333637ed04a8df4008aad859d89dfd.exe

Resource

win7-20220718-en

hawkeye_reborn m00nd3v_logger agilenet infostealer keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f298bfeead320b32fecc3e5e17b2e5e18c333637ed04a8df4008aad859d89dfd.exe

Resource

win10v2004-20220721-en

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  f298bfeead320b32fecc3e5e17b2e5e18c333637ed04a8df4008aad859d89dfd
- Size
  
  1.3MB
- MD5
  
  c33b87f51e555f1e5317293e4a34049e
- SHA1
  
  7ad16a1923c1f0298dee9bd997dbec09087938ed
- SHA256
  
  f298bfeead320b32fecc3e5e17b2e5e18c333637ed04a8df4008aad859d89dfd
- SHA512
  
  aed563dd5f20ba822497ba2e5cb92b15509b66971a2dc01805c0a1e2b4d3c4590766891f2080bc3a11b96fd5d41204d29795534114d5591ab040082013226409
Score

10^/10

hawkeye_reborn m00nd3v_logger agilenet infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hawkeye_rebornm00nd3v_loggeragilenetinfostealerkeyloggerspywarestealertrojan

behavioral2

hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy