Behavioral task
behavioral1
Sample
8618c98e3446a47be757fa2f7e2985255b02fe115fc4ba92bc148170a3c3761b.exe
Resource
win7-20240508-en
General
Target: 8618c98e3446a47be757fa2f7e2985255b02fe115fc4ba92bc148170a3c3761b.exe
Size: 552KB
MD5: 04e288221e9300436aad51d0356020b0
SHA1: 21c763411e60149cf4e035806ca368b2c47281c9
SHA256: 8618c98e3446a47be757fa2f7e2985255b02fe115fc4ba92bc148170a3c3761b
SHA512: 9c30a99ed1f6fa12c2e4856c159ac39089bbe1823d22718f159a5e4c53a52a847b38d433a6fd5f9c0d0b58f31d88894c5dbc83276d76acdb0e4418348586c036
SSDEEP: 12288:aq8i3BV4HwTO3XiwxjmAxM35B9qgOUN8F6qlfNUqIFzGRIF6nj1K20XdDixi8B77:aq8iP4QTKiwxyAib0cE
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Signatures
Hawkeye_reborn family
resource yara_rule sample m00nd3v_logger -
M00nd3v_logger family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8618c98e3446a47be757fa2f7e2985255b02fe115fc4ba92bc148170a3c3761b.exe
Files
8618c98e3446a47be757fa2f7e2985255b02fe115fc4ba92bc148170a3c3761b.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 548KB - Virtual size: 548KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ