hawkeye_reborn | 7e15ae3b4ea92d200cbe0493b8c8a9a2daa4925a790fd870987acaa58b58f3a4 | Triage

Submit
Reports

Overview

overview

Static

static

3

DHL DELIVE...DF.exe

windows7-x64

DHL DELIVE...DF.exe

windows10-2004-x64

Sharing

General

Target

55a1fb469efa963549e59c7a0eff67f4_JaffaCakes118
Size

787KB
Sample

240518-tp7c4sca72
MD5

55a1fb469efa963549e59c7a0eff67f4
SHA1

0d6e042c881615a6889f0b03575be5b757f2915e
SHA256

7e15ae3b4ea92d200cbe0493b8c8a9a2daa4925a790fd870987acaa58b58f3a4
SHA512

86034981fdd4daa512b175a00340221aeb878ddd02fe7740d1b859eeb0d3fc424ab088087d596cce74630996b694d2ad46af93cbf18b10731cbf89ce388b55e3
SSDEEP

24576:FF3OOySsMzc98q9OxDA40AdIifvxkzMVegv0sTtlVj:FF3zyFD79sAdgFnxkcntvj

Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DHL DELIVERY NOTIFICATIONS_PDF.exe

Resource

win7-20240221-en

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

DHL DELIVERY NOTIFICATIONS_PDF.exe

Resource

win10v2004-20240508-en

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  DHL DELIVERY NOTIFICATIONS_PDF.exe
- Size
  
  1.2MB
- MD5
  
  db6402598c61afc744302ddee3709138
- SHA1
  
  19b9742924e8d6d648fb9a83cf51302a5558b4bb
- SHA256
  
  525fb87d7847f492ee968f742edba531d80ea6c877afe7e0b8e36a69203a1df3
- SHA512
  
  5e3085aef1725770ca24d484025dac7d0136b6c61f819a9a1bf794a4b76e2f405480e66a0ca416dee12ceb90ba481030ce0b3f83c6f07bd07e5e7224d6ac988d
- SSDEEP
  
  12288:FZGWfYACds2n3WLm7rT6mHgTBBEYKRCaavcf0C90ebshTd+doVDTniKmxCyWrDwT:LmPdsKPHwBDKnaC9kDifxEPXWxDCST
Score

10^/10

hawkeye_reborn m00nd3v_logger infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerspywarestealertrojan

behavioral2

hawkeye_rebornm00nd3v_loggerinfostealerkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy