hawkeye_reborn | bc8916502006c13655027769ce62225fbf4e9e4380ac4c2aaf7892d45e058d4a

General

Target

77c0d92275f3c731ad9a65b18624cba6_JaffaCakes118
Size

1012KB
Sample

240527-dxjn1sfd95
MD5

77c0d92275f3c731ad9a65b18624cba6
SHA1

9739479e0254b3db03cddbf45ee300bca81c9d68
SHA256

bc8916502006c13655027769ce62225fbf4e9e4380ac4c2aaf7892d45e058d4a
SHA512

49b851bd909e28e7b34fc002d09e6f574cb401443b3a2342d5cb7cbbf1dfcccf22715f250a98df893b9d14a51e7d6f45255b6e107ae0c5358443c7bb52f8692c
SSDEEP

24576:NlozTZfU0l3vcCbatx3vi9uPnl2NSBSynBG1S:NlGzaT/iI4SBSynB

Score

10^/10

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  Documents98376532453.exe
- Size
  
  951KB
- MD5
  
  0bf39869b08ade7c8ed45ff5a26f70c4
- SHA1
  
  09ba2e264420ccd1cb0aae13501a7329c3493f54
- SHA256
  
  a9b7dbcbe943925db368bcc5c700d3f77dde99190780b94dc9f1439fe17a4bba
- SHA512
  
  4e17bfb64903b993f5aaa83ae844611566394a71596133d187ed2d38802b0c2d18781bbd6610f6628265ccc89fb1f4f69bae2a321048c38b104c1bab30259658
- SSDEEP
  
  24576:/lozTZfU0l3vcCbatx3vi9uPnl2NSBSynBG1ST:/lGzaT/iI4SBSynBV
Score

10^/10

hawkeye_reborn m00nd3v_logger collection infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

HawkEye Reborn

M00nd3v_Logger

M00nD3v Logger payload

NirSoft MailPassView

NirSoft WebBrowserPassView

Nirsoft

Drops startup file

Uses the VBS compiler for execution

Accesses Microsoft Outlook accounts

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2