hawkeye_reborn | c7f427fc88416af7ea99c1f0f469e4ff7c7f758b29daa78bdbab9ab83f1ce569

General

Target

47da4d3bf793afa1031e56f5b134386d_JaffaCakes118
Size

702KB
Sample

240515-y2zk9ahh9s
MD5

47da4d3bf793afa1031e56f5b134386d
SHA1

1414910b990f88f2c17d26c4754b101be524a45d
SHA256

c7f427fc88416af7ea99c1f0f469e4ff7c7f758b29daa78bdbab9ab83f1ce569
SHA512

1e3dbd03ecf735f29e05eae89ecce00788627aa3fbf9817ae91a6994c177355ba925f742808cc52a6cfa57fa6509b221d3365447c47832eb9240665966c3e803
SSDEEP

12288:bmB+N54kL2uW2m0e/h80S8+FUU2+dfp0XPZZsKk7OHA1XItXKi4gA:w+j4M2Cm0uQ2+B0f9csTXKrg

Score

10^/10

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Extracted

Credentials

Protocol: smtp
Host:
smtp.zoho.com
Port:
587
Username:
[email protected]
Password:
Rule@.#1

Targets

- Target
  
  47da4d3bf793afa1031e56f5b134386d_JaffaCakes118
- Size
  
  702KB
- MD5
  
  47da4d3bf793afa1031e56f5b134386d
- SHA1
  
  1414910b990f88f2c17d26c4754b101be524a45d
- SHA256
  
  c7f427fc88416af7ea99c1f0f469e4ff7c7f758b29daa78bdbab9ab83f1ce569
- SHA512
  
  1e3dbd03ecf735f29e05eae89ecce00788627aa3fbf9817ae91a6994c177355ba925f742808cc52a6cfa57fa6509b221d3365447c47832eb9240665966c3e803
- SSDEEP
  
  12288:bmB+N54kL2uW2m0e/h80S8+FUU2+dfp0XPZZsKk7OHA1XItXKi4gA:w+j4M2Cm0uQ2+B0f9csTXKrg
Score

10^/10

hawkeye_reborn m00nd3v_logger collection infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

HawkEye Reborn

M00nd3v_Logger

M00nD3v Logger payload

NirSoft MailPassView

NirSoft WebBrowserPassView

Nirsoft

Uses the VBS compiler for execution

Accesses Microsoft Outlook accounts

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2