hawkeye_reborn | 8b53a2b8c804e804fa38afd4a125d56531aaef531b3f6ed49dfede9707114212

General

Target

8512059f4dbd6dae13068ab29d5624fd_JaffaCakes118
Size

840KB
Sample

240530-12mmsscd37
MD5

8512059f4dbd6dae13068ab29d5624fd
SHA1

34b93471fd0337bcb6009f8f6579c632bb108bc5
SHA256

8b53a2b8c804e804fa38afd4a125d56531aaef531b3f6ed49dfede9707114212
SHA512

e8a31a508fb438d9a780aa4fabdef91351a3d0ec1ef435d1ca28cceda9fca4a2e21fb70d0a025d5fa6d2d003c5f8d11e63d19810aa9f7439be5ab015afd3201e
SSDEEP

24576:Wm0FAM1fguBqMpHK+J7FfIcCvuKz+ydlF:e1IepvTIcCvu8B

Score

10^/10

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Targets

- Target
  
  8512059f4dbd6dae13068ab29d5624fd_JaffaCakes118
- Size
  
  840KB
- MD5
  
  8512059f4dbd6dae13068ab29d5624fd
- SHA1
  
  34b93471fd0337bcb6009f8f6579c632bb108bc5
- SHA256
  
  8b53a2b8c804e804fa38afd4a125d56531aaef531b3f6ed49dfede9707114212
- SHA512
  
  e8a31a508fb438d9a780aa4fabdef91351a3d0ec1ef435d1ca28cceda9fca4a2e21fb70d0a025d5fa6d2d003c5f8d11e63d19810aa9f7439be5ab015afd3201e
- SSDEEP
  
  24576:Wm0FAM1fguBqMpHK+J7FfIcCvuKz+ydlF:e1IepvTIcCvu8B
Score

10^/10

hawkeye_reborn m00nd3v_logger collection infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

HawkEye Reborn

M00nd3v_Logger

M00nD3v Logger payload

NirSoft MailPassView

NirSoft WebBrowserPassView

Nirsoft

Drops startup file

Uses the VBS compiler for execution

Accesses Microsoft Outlook accounts

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2