hawkeye_reborn | 376b073f2248a13be1b834e616d9625cddf689b36258bf42143efded46ea67f6

General

Target

85e41a65ff21c6d4d41df8e23bffa808_JaffaCakes118
Size

780KB
Sample

240531-eced8sfb62
MD5

85e41a65ff21c6d4d41df8e23bffa808
SHA1

b22a88e0a71d7d6d248f403fb8ba989af1911fa2
SHA256

376b073f2248a13be1b834e616d9625cddf689b36258bf42143efded46ea67f6
SHA512

95c4b121b8146f7d970c848cc46880295c8b19fb5eb60158439cf52aeac0b9cb744052ffaac8df3d26272093ea2e3e39d357069f7ddb31e514fe25cf322e4652
SSDEEP

12288:ICG20qQOGFoJDQ+GqAFuFUld+gpH1OHMhrhBKu3fN:ICuqtioJDQ9qQuGX+gpH1OcBn

Score

10^/10

Malware Config

Extracted

Family

hawkeye_reborn

Attributes

fields
name

Extracted

Credentials

Protocol: smtp
Host:
mail.porr.com.mk
Port:
587
Username:
[email protected]
Password:
Sas@@1234

Targets

- Target
  
  85e41a65ff21c6d4d41df8e23bffa808_JaffaCakes118
- Size
  
  780KB
- MD5
  
  85e41a65ff21c6d4d41df8e23bffa808
- SHA1
  
  b22a88e0a71d7d6d248f403fb8ba989af1911fa2
- SHA256
  
  376b073f2248a13be1b834e616d9625cddf689b36258bf42143efded46ea67f6
- SHA512
  
  95c4b121b8146f7d970c848cc46880295c8b19fb5eb60158439cf52aeac0b9cb744052ffaac8df3d26272093ea2e3e39d357069f7ddb31e514fe25cf322e4652
- SSDEEP
  
  12288:ICG20qQOGFoJDQ+GqAFuFUld+gpH1OHMhrhBKu3fN:ICuqtioJDQ9qQuGX+gpH1OcBn
Score

10^/10

hawkeye_reborn m00nd3v_logger collection infostealer keylogger spyware stealer trojan
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  keylogger trojan stealer spyware hawkeye_reborn
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

HawkEye Reborn

M00nd3v_Logger

M00nD3v Logger payload

NirSoft MailPassView

NirSoft WebBrowserPassView

Nirsoft

Uses the VBS compiler for execution

Accesses Microsoft Outlook accounts

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2