hawkeye_reborn | 384e6e90221ab95f95634da7b74e83cc7f8cff13583b50781a08fe3149273b10 | Triage

Submit
Reports

Overview

overview

Static

static

24eca30556...18.exe

windows7-x64

9

24eca30556...18.exe

windows10-2004-x64

9

Sharing

General

Target

24eca305562ce8bd4f36ac89298175d6_JaffaCakes118
Size

552KB
Sample

240508-p4l89sfh62
MD5

24eca305562ce8bd4f36ac89298175d6
SHA1

52526f5c8d2e21c7e7bd1d914bf1fbf11ed88357
SHA256

384e6e90221ab95f95634da7b74e83cc7f8cff13583b50781a08fe3149273b10
SHA512

dd246df54817d47bd6bdcdaaeae708c9a40f252a350f27932f45c72f8db225baef02bd771835cbf41e4609c78bd4db323eca25e670d3264f335ebe608abe40d7
SSDEEP

12288:E9rD+H23OO3n/LpPxM35B9qgObN8F6qlfNUqIFzGRIF6nj1K20XdDixi8B7xDFCs:CrDF3ln/Llib0J2

Score

10^/10

hawkeye_reborn m00nd3v_logger collection infostealer

Static task

static1

infostealer m00nd3v_logger hawkeye_reborn

4 signatures

Behavioral task

behavioral1

Sample

24eca305562ce8bd4f36ac89298175d6_JaffaCakes118.exe

Resource

win7-20240221-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

24eca305562ce8bd4f36ac89298175d6_JaffaCakes118.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  24eca305562ce8bd4f36ac89298175d6_JaffaCakes118
- Size
  
  552KB
- MD5
  
  24eca305562ce8bd4f36ac89298175d6
- SHA1
  
  52526f5c8d2e21c7e7bd1d914bf1fbf11ed88357
- SHA256
  
  384e6e90221ab95f95634da7b74e83cc7f8cff13583b50781a08fe3149273b10
- SHA512
  
  dd246df54817d47bd6bdcdaaeae708c9a40f252a350f27932f45c72f8db225baef02bd771835cbf41e4609c78bd4db323eca25e670d3264f335ebe608abe40d7
- SSDEEP
  
  12288:E9rD+H23OO3n/LpPxM35B9qgObN8F6qlfNUqIFzGRIF6nj1K20XdDixi8B7xDFCs:CrDF3ln/Llib0J2
Score

9^/10

collection
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

infostealerm00nd3v_loggerhawkeye_reborn

behavioral1

behavioral2

© 2018-2024

Terms | Privacy