hawkeye_reborn | 5f3cc5d66dba68642ea558418b22bc59ab165263249553ce24ba10af25702396

General

Target

5f3cc5d66dba68642ea558418b22bc59ab165263249553ce24ba10af25702396
Size

630KB
Sample

220731-wd91zabbhr
MD5

0025306c92ef036623fdd9c8680eb7f6
SHA1

5de4e2d583001cda30b555754321b58c10ed1678
SHA256

5f3cc5d66dba68642ea558418b22bc59ab165263249553ce24ba10af25702396
SHA512

703739ae57893b286ef414f039118cf4995219a6ec7dd0768b6d7696cacdc05161ec9438a18aeaefc54b084ec4de3b6b2d7e5602a770f48d06ce40766fcc8691

Score

10^/10

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  5f3cc5d66dba68642ea558418b22bc59ab165263249553ce24ba10af25702396
- Size
  
  630KB
- MD5
  
  0025306c92ef036623fdd9c8680eb7f6
- SHA1
  
  5de4e2d583001cda30b555754321b58c10ed1678
- SHA256
  
  5f3cc5d66dba68642ea558418b22bc59ab165263249553ce24ba10af25702396
- SHA512
  
  703739ae57893b286ef414f039118cf4995219a6ec7dd0768b6d7696cacdc05161ec9438a18aeaefc54b084ec4de3b6b2d7e5602a770f48d06ce40766fcc8691
Score

10^/10

hawkeye_reborn m00nd3v_logger collection infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

HawkEye Reborn

M00nd3v_Logger

M00nD3v Logger payload

NirSoft MailPassView

NirSoft WebBrowserPassView

Nirsoft

Executes dropped EXE

Checks computer location settings

Drops startup file

Loads dropped DLL

Uses the VBS compiler for execution

Accesses Microsoft Outlook accounts

Drops desktop.ini file(s)

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2