hawkeye_reborn | 02162e66736d7dede5ad647787622f441fa5c5595bd7229990b6f37f5a2dda5f | Triage

Submit
Reports

Overview

overview

Static

static

1

2c919dec83...18.exe

windows7-x64

2c919dec83...18.exe

windows10-2004-x64

Sharing

General

Target

2c919dec833098049a7a8cfd0c450cf8_JaffaCakes118
Size

1.1MB
Sample

240510-bcs1vahd61
MD5

2c919dec833098049a7a8cfd0c450cf8
SHA1

3d9ea583c354fb23cc8a20ef27672ebb15ddf7b8
SHA256

02162e66736d7dede5ad647787622f441fa5c5595bd7229990b6f37f5a2dda5f
SHA512

11719779c366076bdf2069990b3b19515b8d1f6aa2727bfb933603f5a2fc42bd3e0cf3672834c37d587bcd01e0509bee3ca6a081c84fc660a88e2c08d9632ed2
SSDEEP

24576:N9lfviu36L2txT1AYRbb3LSj2r1Ofa1SIXBL+SH68HzlVu:NR6ypb3LnOC1SIRLW8RVu

Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

2c919dec833098049a7a8cfd0c450cf8_JaffaCakes118.exe

Resource

win7-20240221-en

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2c919dec833098049a7a8cfd0c450cf8_JaffaCakes118.exe

Resource

win10v2004-20240508-en

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  2c919dec833098049a7a8cfd0c450cf8_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  2c919dec833098049a7a8cfd0c450cf8
- SHA1
  
  3d9ea583c354fb23cc8a20ef27672ebb15ddf7b8
- SHA256
  
  02162e66736d7dede5ad647787622f441fa5c5595bd7229990b6f37f5a2dda5f
- SHA512
  
  11719779c366076bdf2069990b3b19515b8d1f6aa2727bfb933603f5a2fc42bd3e0cf3672834c37d587bcd01e0509bee3ca6a081c84fc660a88e2c08d9632ed2
- SSDEEP
  
  24576:N9lfviu36L2txT1AYRbb3LSj2r1Ofa1SIXBL+SH68HzlVu:NR6ypb3LnOC1SIRLW8RVu
Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerspywarestealertrojan

behavioral2

hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy