Extracted

• • Target

    6124eebe62b150920f4c092163e9470489e8adb9f950e8b7478b05f31822930c

  • Size

    1.0MB

  • MD5

    cae69057d765afab2b71bff962a6a773

  • SHA1

    609eacd73e27bc55afc9b29b6469fb1ececfb6dc

  • SHA256

    6124eebe62b150920f4c092163e9470489e8adb9f950e8b7478b05f31822930c

  • SHA512

    72dedf60b031d98f240ab74d1aa3b79b3c6567cbb64f82fa95b9503b01bb355f591900b639f84889991a3eb1f97cbf9a162c1e2123c7c1f0030ca67055243a22

  Score

  10^/10

  hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerpersistencespywarestealertrojan

  • HawkEye Reborn

    HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    keyloggertrojanstealerspywarehawkeye_reborn

  • M00nd3v_Logger

    M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    stealerspywarem00nd3v_logger

  • M00nD3v Logger payload

    Detects M00nD3v Logger payload in memory.

    infostealer

  • Executes dropped EXE

  • Sets file execution options in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2