hawkeye_reborn | 5fb140d1932d22dd8143648fd0239c18264a66c5d8bb948156b71ba089c3306a

General

Target

5fb140d1932d22dd8143648fd0239c18264a66c5d8bb948156b71ba089c3306a
Size

791KB
Sample

220731-lyytbsbgej
MD5

39ffa3dd5db6edf0f208d118be8cb64a
SHA1

f523071595fc01b6134f961a9f6760636d1c64d1
SHA256

5fb140d1932d22dd8143648fd0239c18264a66c5d8bb948156b71ba089c3306a
SHA512

7143996029ef1a98acf0eb89aa3829a31cf7e2c57e4303a8ef0b4e086f8c1a67d1885404420b90ed78c3772853632290ec00e669bbd8135620f48aedda58f2fc

Score

10^/10

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  5fb140d1932d22dd8143648fd0239c18264a66c5d8bb948156b71ba089c3306a
- Size
  
  791KB
- MD5
  
  39ffa3dd5db6edf0f208d118be8cb64a
- SHA1
  
  f523071595fc01b6134f961a9f6760636d1c64d1
- SHA256
  
  5fb140d1932d22dd8143648fd0239c18264a66c5d8bb948156b71ba089c3306a
- SHA512
  
  7143996029ef1a98acf0eb89aa3829a31cf7e2c57e4303a8ef0b4e086f8c1a67d1885404420b90ed78c3772853632290ec00e669bbd8135620f48aedda58f2fc
Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger persistence spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

HawkEye Reborn

M00nd3v_Logger

M00nD3v Logger payload

Executes dropped EXE

Sets file execution options in registry

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2