hawkeye_reborn | 612d970b264afbea7c98dea5d7be82c982b218be0f95cbb82aca89eebf754359

General

Target

612d970b264afbea7c98dea5d7be82c982b218be0f95cbb82aca89eebf754359
Size

1.4MB
Sample

220730-1t3n2shhe6
MD5

bf8f74eb5dee1bb05729a4092481f8c5
SHA1

b78641682de541b52ddc277e317432d904453e82
SHA256

612d970b264afbea7c98dea5d7be82c982b218be0f95cbb82aca89eebf754359
SHA512

17f06d41247f979f8bdb8fd22367b377233fb59a594affd5ddd47dfcff8faa2aa4e67e4e7005427a1a6712ad8766d2fa805111ef463bb90fd771d68e37ef0751

Score

10^/10

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  612d970b264afbea7c98dea5d7be82c982b218be0f95cbb82aca89eebf754359
- Size
  
  1.4MB
- MD5
  
  bf8f74eb5dee1bb05729a4092481f8c5
- SHA1
  
  b78641682de541b52ddc277e317432d904453e82
- SHA256
  
  612d970b264afbea7c98dea5d7be82c982b218be0f95cbb82aca89eebf754359
- SHA512
  
  17f06d41247f979f8bdb8fd22367b377233fb59a594affd5ddd47dfcff8faa2aa4e67e4e7005427a1a6712ad8766d2fa805111ef463bb90fd771d68e37ef0751
Score

10^/10

m00nd3v_logger infostealer spyware stealer hawkeye_reborn keylogger trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

HawkEye Reborn

M00nd3v_Logger

M00nD3v Logger payload

Executes dropped EXE

Checks computer location settings

Drops startup file

Loads dropped DLL

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2