hawkeye_reborn | 39da82aec5faf855d0e6c320cf9381f5f01f08dd4eb149790a07d71ea5f9fa95 | Triage

Submit
Reports

Overview

overview

Static

static

3

1364992369...18.exe

windows7-x64

1364992369...18.exe

windows10-2004-x64

Sharing

General

Target

1364992369a3d4b3b9fde7bd25887335_JaffaCakes118
Size

937KB
Sample

240504-s6gy4sdb43
MD5

1364992369a3d4b3b9fde7bd25887335
SHA1

74d4425da265cca1b665daee821cced920289a16
SHA256

39da82aec5faf855d0e6c320cf9381f5f01f08dd4eb149790a07d71ea5f9fa95
SHA512

8d92a3fd67e19e6bbc9d529cd07999a4deecb761bf5c7aa1fc8af64e4e526a22fe549d07bdef4590ced3f5350c4de514857306848b6ab955de1399e16eeed782
SSDEEP

12288:36o/xuDT9T8aP8dSfWy8i/bvKziF7j2w2BTwR6ry9msEUOOgGwbP8u7:k3QXy8i/bvkTHry9m/UOOgGcV

Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1364992369a3d4b3b9fde7bd25887335_JaffaCakes118.exe

Resource

win7-20240215-en

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1364992369a3d4b3b9fde7bd25887335_JaffaCakes118.exe

Resource

win10v2004-20240419-en

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  1364992369a3d4b3b9fde7bd25887335_JaffaCakes118
- Size
  
  937KB
- MD5
  
  1364992369a3d4b3b9fde7bd25887335
- SHA1
  
  74d4425da265cca1b665daee821cced920289a16
- SHA256
  
  39da82aec5faf855d0e6c320cf9381f5f01f08dd4eb149790a07d71ea5f9fa95
- SHA512
  
  8d92a3fd67e19e6bbc9d529cd07999a4deecb761bf5c7aa1fc8af64e4e526a22fe549d07bdef4590ced3f5350c4de514857306848b6ab955de1399e16eeed782
- SSDEEP
  
  12288:36o/xuDT9T8aP8dSfWy8i/bvKziF7j2w2BTwR6ry9msEUOOgGwbP8u7:k3QXy8i/bvkTHry9m/UOOgGcV
Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerspywarestealertrojan

behavioral2

hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy