Overview

overview

10

Static

static

6124eebe62...0c.exe

windows7-x64

10

6124eebe62...0c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6124eebe62b150920f4c092163e9470489e8adb9f950e8b7478b05f31822930c

  • Size

    1.0MB

  • Sample

    220730-1ypyraabb2

  • MD5

    cae69057d765afab2b71bff962a6a773

  • SHA1

    609eacd73e27bc55afc9b29b6469fb1ececfb6dc

  • SHA256

    6124eebe62b150920f4c092163e9470489e8adb9f950e8b7478b05f31822930c

  • SHA512

    72dedf60b031d98f240ab74d1aa3b79b3c6567cbb64f82fa95b9503b01bb355f591900b639f84889991a3eb1f97cbf9a162c1e2123c7c1f0030ca67055243a22

Score
10/10
hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      6124eebe62b150920f4c092163e9470489e8adb9f950e8b7478b05f31822930c

    • Size

      1.0MB

    • MD5

      cae69057d765afab2b71bff962a6a773

    • SHA1

      609eacd73e27bc55afc9b29b6469fb1ececfb6dc

    • SHA256

      6124eebe62b150920f4c092163e9470489e8adb9f950e8b7478b05f31822930c

    • SHA512

      72dedf60b031d98f240ab74d1aa3b79b3c6567cbb64f82fa95b9503b01bb355f591900b639f84889991a3eb1f97cbf9a162c1e2123c7c1f0030ca67055243a22

    Score
    10/10
    hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerpersistencespywarestealertrojan

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

      keyloggertrojanstealerspywarehawkeye_reborn

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

      stealerspywarem00nd3v_logger

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

      infostealer

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks