17.2.vbc.exe.400000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
7.0.origigoods40.exe.c30000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
35.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
28.2.origigoods40.exe.e20000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
31.2.origigoods20.exe.720000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
6.2.hawkgoods.exe.34fa72.3.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
10.0.origigoods20.exe.e0000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
10.2.origigoods20.exe.e0000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
6.2.hawkgoods.exe.73f0000.10.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
6.2.hawkgoods.exe.2f9c0d.1.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
6.2.hawkgoods.exe.3a27e00.7.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.2.hawkgoods.exe.3a27e00.7.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.2.hawkgoods.exe.a40000.0.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
27.2.hawkgoods.exe.a40000.0.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b8c7:$key: HawkEyeKeylogger
- 0x7db0b:$salt: 099u787978786
- 0x7bf08:$string1: HawkEye_Keylogger
- 0x7cd5b:$string1: HawkEye_Keylogger
- 0x7da6b:$string1: HawkEye_Keylogger
- 0x7c2f1:$string2: holdermail.txt
- 0x7c311:$string2: holdermail.txt
- 0x7c233:$string3: wallet.dat
- 0x7c24b:$string3: wallet.dat
- 0x7c261:$string3: wallet.dat
- 0x7d62f:$string4: Keylog Records
- 0x7d947:$string4: Keylog Records
- 0x7db63:$string5: do not script -->
- 0x7b8af:$string6: \pidloc.txt
- 0x7b93d:$string7: BSPLIT
- 0x7b94d:$string7: BSPLIT
|
27.2.hawkgoods.exe.a40000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.2.hawkgoods.exe.a40000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
27.2.hawkgoods.exe.a40000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.2.hawkgoods.exe.a40000.0.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf60:$hawkstr1: HawkEye Keylogger
- 0x7cda1:$hawkstr1: HawkEye Keylogger
- 0x7d0d0:$hawkstr1: HawkEye Keylogger
- 0x7d22b:$hawkstr1: HawkEye Keylogger
- 0x7d38e:$hawkstr1: HawkEye Keylogger
- 0x7d607:$hawkstr1: HawkEye Keylogger
- 0x7baee:$hawkstr2: Dear HawkEye Customers!
- 0x7d123:$hawkstr2: Dear HawkEye Customers!
- 0x7d27a:$hawkstr2: Dear HawkEye Customers!
- 0x7d3e1:$hawkstr2: Dear HawkEye Customers!
- 0x7bc0f:$hawkstr3: HawkEye Logger Details:
|
27.0.hawkgoods.exe.a9fa72.3.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.0.hawkgoods.exe.34fa72.3.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.2.hawkgoods.exe.7540000.11.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
6.0.hawkgoods.exe.34fa72.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1dc55:$key: HawkEyeKeylogger
- 0x1fe99:$salt: 099u787978786
- 0x1e296:$string1: HawkEye_Keylogger
- 0x1f0e9:$string1: HawkEye_Keylogger
- 0x1fdf9:$string1: HawkEye_Keylogger
- 0x1e67f:$string2: holdermail.txt
- 0x1e69f:$string2: holdermail.txt
- 0x1e5c1:$string3: wallet.dat
- 0x1e5d9:$string3: wallet.dat
- 0x1e5ef:$string3: wallet.dat
- 0x1f9bd:$string4: Keylog Records
- 0x1fcd5:$string4: Keylog Records
- 0x1fef1:$string5: do not script -->
- 0x1dc3d:$string6: \pidloc.txt
- 0x1dccb:$string7: BSPLIT
- 0x1dcdb:$string7: BSPLIT
|
6.0.hawkgoods.exe.34fa72.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.0.hawkgoods.exe.34fa72.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
6.0.hawkgoods.exe.34fa72.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ee:$hawkstr1: HawkEye Keylogger
- 0x1f12f:$hawkstr1: HawkEye Keylogger
- 0x1f45e:$hawkstr1: HawkEye Keylogger
- 0x1f5b9:$hawkstr1: HawkEye Keylogger
- 0x1f71c:$hawkstr1: HawkEye Keylogger
- 0x1f995:$hawkstr1: HawkEye Keylogger
- 0x1de7c:$hawkstr2: Dear HawkEye Customers!
- 0x1f4b1:$hawkstr2: Dear HawkEye Customers!
- 0x1f608:$hawkstr2: Dear HawkEye Customers!
- 0x1f76f:$hawkstr2: Dear HawkEye Customers!
- 0x1df9d:$hawkstr3: HawkEye Logger Details:
|
6.0.hawkgoods.exe.2f0000.0.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
6.0.hawkgoods.exe.2f0000.0.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b8c7:$key: HawkEyeKeylogger
- 0x7db0b:$salt: 099u787978786
- 0x7bf08:$string1: HawkEye_Keylogger
- 0x7cd5b:$string1: HawkEye_Keylogger
- 0x7da6b:$string1: HawkEye_Keylogger
- 0x7c2f1:$string2: holdermail.txt
- 0x7c311:$string2: holdermail.txt
- 0x7c233:$string3: wallet.dat
- 0x7c24b:$string3: wallet.dat
- 0x7c261:$string3: wallet.dat
- 0x7d62f:$string4: Keylog Records
- 0x7d947:$string4: Keylog Records
- 0x7db63:$string5: do not script -->
- 0x7b8af:$string6: \pidloc.txt
- 0x7b93d:$string7: BSPLIT
- 0x7b94d:$string7: BSPLIT
|
6.0.hawkgoods.exe.2f0000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.0.hawkgoods.exe.2f0000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
6.0.hawkgoods.exe.2f0000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
6.0.hawkgoods.exe.2f0000.0.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf60:$hawkstr1: HawkEye Keylogger
- 0x7cda1:$hawkstr1: HawkEye Keylogger
- 0x7d0d0:$hawkstr1: HawkEye Keylogger
- 0x7d22b:$hawkstr1: HawkEye Keylogger
- 0x7d38e:$hawkstr1: HawkEye Keylogger
- 0x7d607:$hawkstr1: HawkEye Keylogger
- 0x7baee:$hawkstr2: Dear HawkEye Customers!
- 0x7d123:$hawkstr2: Dear HawkEye Customers!
- 0x7d27a:$hawkstr2: Dear HawkEye Customers!
- 0x7d3e1:$hawkstr2: Dear HawkEye Customers!
- 0x7bc0f:$hawkstr3: HawkEye Logger Details:
|
6.2.hawkgoods.exe.3a40240.6.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.0.hawkgoods.exe.a48208.1.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
27.0.hawkgoods.exe.a48208.1.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x754bf:$key: HawkEyeKeylogger
- 0x77703:$salt: 099u787978786
- 0x75b00:$string1: HawkEye_Keylogger
- 0x76953:$string1: HawkEye_Keylogger
- 0x77663:$string1: HawkEye_Keylogger
- 0x75ee9:$string2: holdermail.txt
- 0x75f09:$string2: holdermail.txt
- 0x75e2b:$string3: wallet.dat
- 0x75e43:$string3: wallet.dat
- 0x75e59:$string3: wallet.dat
- 0x77227:$string4: Keylog Records
- 0x7753f:$string4: Keylog Records
- 0x7775b:$string5: do not script -->
- 0x754a7:$string6: \pidloc.txt
- 0x75535:$string7: BSPLIT
- 0x75545:$string7: BSPLIT
|
27.0.hawkgoods.exe.a48208.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.0.hawkgoods.exe.a48208.1.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
27.0.hawkgoods.exe.a48208.1.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.0.hawkgoods.exe.a48208.1.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b58:$hawkstr1: HawkEye Keylogger
- 0x76999:$hawkstr1: HawkEye Keylogger
- 0x76cc8:$hawkstr1: HawkEye Keylogger
- 0x76e23:$hawkstr1: HawkEye Keylogger
- 0x76f86:$hawkstr1: HawkEye Keylogger
- 0x771ff:$hawkstr1: HawkEye Keylogger
- 0x756e6:$hawkstr2: Dear HawkEye Customers!
- 0x76d1b:$hawkstr2: Dear HawkEye Customers!
- 0x76e72:$hawkstr2: Dear HawkEye Customers!
- 0x76fd9:$hawkstr2: Dear HawkEye Customers!
- 0x75807:$hawkstr3: HawkEye Logger Details:
|
8.2.Matiexgoods.exe.f70000.0.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
27.0.hawkgoods.exe.a9fa72.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1dc55:$key: HawkEyeKeylogger
- 0x1fe99:$salt: 099u787978786
- 0x1e296:$string1: HawkEye_Keylogger
- 0x1f0e9:$string1: HawkEye_Keylogger
- 0x1fdf9:$string1: HawkEye_Keylogger
- 0x1e67f:$string2: holdermail.txt
- 0x1e69f:$string2: holdermail.txt
- 0x1e5c1:$string3: wallet.dat
- 0x1e5d9:$string3: wallet.dat
- 0x1e5ef:$string3: wallet.dat
- 0x1f9bd:$string4: Keylog Records
- 0x1fcd5:$string4: Keylog Records
- 0x1fef1:$string5: do not script -->
- 0x1dc3d:$string6: \pidloc.txt
- 0x1dccb:$string7: BSPLIT
- 0x1dcdb:$string7: BSPLIT
|
27.0.hawkgoods.exe.a9fa72.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.0.hawkgoods.exe.a9fa72.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
27.0.hawkgoods.exe.a9fa72.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ee:$hawkstr1: HawkEye Keylogger
- 0x1f12f:$hawkstr1: HawkEye Keylogger
- 0x1f45e:$hawkstr1: HawkEye Keylogger
- 0x1f5b9:$hawkstr1: HawkEye Keylogger
- 0x1f71c:$hawkstr1: HawkEye Keylogger
- 0x1f995:$hawkstr1: HawkEye Keylogger
- 0x1de7c:$hawkstr2: Dear HawkEye Customers!
- 0x1f4b1:$hawkstr2: Dear HawkEye Customers!
- 0x1f608:$hawkstr2: Dear HawkEye Customers!
- 0x1f76f:$hawkstr2: Dear HawkEye Customers!
- 0x1df9d:$hawkstr3: HawkEye Logger Details:
|
6.2.hawkgoods.exe.2f9c0d.1.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x73aba:$key: HawkEyeKeylogger
- 0x75cfe:$salt: 099u787978786
- 0x740fb:$string1: HawkEye_Keylogger
- 0x74f4e:$string1: HawkEye_Keylogger
- 0x75c5e:$string1: HawkEye_Keylogger
- 0x744e4:$string2: holdermail.txt
- 0x74504:$string2: holdermail.txt
- 0x74426:$string3: wallet.dat
- 0x7443e:$string3: wallet.dat
- 0x74454:$string3: wallet.dat
- 0x75822:$string4: Keylog Records
- 0x75b3a:$string4: Keylog Records
- 0x75d56:$string5: do not script -->
- 0x73aa2:$string6: \pidloc.txt
- 0x73b30:$string7: BSPLIT
- 0x73b40:$string7: BSPLIT
|
6.2.hawkgoods.exe.2f9c0d.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.2.hawkgoods.exe.2f9c0d.1.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
6.2.hawkgoods.exe.2f9c0d.1.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
6.2.hawkgoods.exe.2f9c0d.1.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74153:$hawkstr1: HawkEye Keylogger
- 0x74f94:$hawkstr1: HawkEye Keylogger
- 0x752c3:$hawkstr1: HawkEye Keylogger
- 0x7541e:$hawkstr1: HawkEye Keylogger
- 0x75581:$hawkstr1: HawkEye Keylogger
- 0x757fa:$hawkstr1: HawkEye Keylogger
- 0x73ce1:$hawkstr2: Dear HawkEye Customers!
- 0x75316:$hawkstr2: Dear HawkEye Customers!
- 0x7546d:$hawkstr2: Dear HawkEye Customers!
- 0x755d4:$hawkstr2: Dear HawkEye Customers!
- 0x73e02:$hawkstr3: HawkEye Logger Details:
|
27.2.hawkgoods.exe.41d0240.6.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.2.hawkgoods.exe.a49c0d.2.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x73aba:$key: HawkEyeKeylogger
- 0x75cfe:$salt: 099u787978786
- 0x740fb:$string1: HawkEye_Keylogger
- 0x74f4e:$string1: HawkEye_Keylogger
- 0x75c5e:$string1: HawkEye_Keylogger
- 0x744e4:$string2: holdermail.txt
- 0x74504:$string2: holdermail.txt
- 0x74426:$string3: wallet.dat
- 0x7443e:$string3: wallet.dat
- 0x74454:$string3: wallet.dat
- 0x75822:$string4: Keylog Records
- 0x75b3a:$string4: Keylog Records
- 0x75d56:$string5: do not script -->
- 0x73aa2:$string6: \pidloc.txt
- 0x73b30:$string7: BSPLIT
- 0x73b40:$string7: BSPLIT
|
27.2.hawkgoods.exe.a49c0d.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.2.hawkgoods.exe.a49c0d.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
27.2.hawkgoods.exe.a49c0d.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.2.hawkgoods.exe.a49c0d.2.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74153:$hawkstr1: HawkEye Keylogger
- 0x74f94:$hawkstr1: HawkEye Keylogger
- 0x752c3:$hawkstr1: HawkEye Keylogger
- 0x7541e:$hawkstr1: HawkEye Keylogger
- 0x75581:$hawkstr1: HawkEye Keylogger
- 0x757fa:$hawkstr1: HawkEye Keylogger
- 0x73ce1:$hawkstr2: Dear HawkEye Customers!
- 0x75316:$hawkstr2: Dear HawkEye Customers!
- 0x7546d:$hawkstr2: Dear HawkEye Customers!
- 0x755d4:$hawkstr2: Dear HawkEye Customers!
- 0x73e02:$hawkstr3: HawkEye Logger Details:
|
27.2.hawkgoods.exe.41b7e00.7.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.2.hawkgoods.exe.41b7e00.7.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
30.0.Matiexgoods.exe.bd0000.0.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
27.0.hawkgoods.exe.a49c0d.2.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x73aba:$key: HawkEyeKeylogger
- 0x75cfe:$salt: 099u787978786
- 0x740fb:$string1: HawkEye_Keylogger
- 0x74f4e:$string1: HawkEye_Keylogger
- 0x75c5e:$string1: HawkEye_Keylogger
- 0x744e4:$string2: holdermail.txt
- 0x74504:$string2: holdermail.txt
- 0x74426:$string3: wallet.dat
- 0x7443e:$string3: wallet.dat
- 0x74454:$string3: wallet.dat
- 0x75822:$string4: Keylog Records
- 0x75b3a:$string4: Keylog Records
- 0x75d56:$string5: do not script -->
- 0x73aa2:$string6: \pidloc.txt
- 0x73b30:$string7: BSPLIT
- 0x73b40:$string7: BSPLIT
|
27.0.hawkgoods.exe.a49c0d.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.0.hawkgoods.exe.a49c0d.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
27.0.hawkgoods.exe.a49c0d.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.0.hawkgoods.exe.a49c0d.2.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74153:$hawkstr1: HawkEye Keylogger
- 0x74f94:$hawkstr1: HawkEye Keylogger
- 0x752c3:$hawkstr1: HawkEye Keylogger
- 0x7541e:$hawkstr1: HawkEye Keylogger
- 0x75581:$hawkstr1: HawkEye Keylogger
- 0x757fa:$hawkstr1: HawkEye Keylogger
- 0x73ce1:$hawkstr2: Dear HawkEye Customers!
- 0x75316:$hawkstr2: Dear HawkEye Customers!
- 0x7546d:$hawkstr2: Dear HawkEye Customers!
- 0x755d4:$hawkstr2: Dear HawkEye Customers!
- 0x73e02:$hawkstr3: HawkEye Logger Details:
|
6.0.hawkgoods.exe.2f9c0d.1.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
26.2.RegAsm.exe.4031bf.2.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
26.2.RegAsm.exe.4031bf.2.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x79ac7:$key: HawkEyeKeylogger
- 0x7bd0b:$salt: 099u787978786
- 0x7a108:$string1: HawkEye_Keylogger
- 0x7af5b:$string1: HawkEye_Keylogger
- 0x7bc6b:$string1: HawkEye_Keylogger
- 0x7a4f1:$string2: holdermail.txt
- 0x7a511:$string2: holdermail.txt
- 0x7a433:$string3: wallet.dat
- 0x7a44b:$string3: wallet.dat
- 0x7a461:$string3: wallet.dat
- 0x7b82f:$string4: Keylog Records
- 0x7bb47:$string4: Keylog Records
- 0x7bd63:$string5: do not script -->
- 0x79aaf:$string6: \pidloc.txt
- 0x79b3d:$string7: BSPLIT
- 0x79b4d:$string7: BSPLIT
|
26.2.RegAsm.exe.4031bf.2.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
26.2.RegAsm.exe.4031bf.2.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
26.2.RegAsm.exe.4031bf.2.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
26.2.RegAsm.exe.4031bf.2.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7a160:$hawkstr1: HawkEye Keylogger
- 0x7afa1:$hawkstr1: HawkEye Keylogger
- 0x7b2d0:$hawkstr1: HawkEye Keylogger
- 0x7b42b:$hawkstr1: HawkEye Keylogger
- 0x7b58e:$hawkstr1: HawkEye Keylogger
- 0x7b807:$hawkstr1: HawkEye Keylogger
- 0x79cee:$hawkstr2: Dear HawkEye Customers!
- 0x7b323:$hawkstr2: Dear HawkEye Customers!
- 0x7b47a:$hawkstr2: Dear HawkEye Customers!
- 0x7b5e1:$hawkstr2: Dear HawkEye Customers!
- 0x79e0f:$hawkstr3: HawkEye Logger Details:
|
27.2.hawkgoods.exe.41d0240.6.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.2.hawkgoods.exe.a9fa72.1.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.2.hawkgoods.exe.a9fa72.1.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1dc55:$key: HawkEyeKeylogger
- 0x1fe99:$salt: 099u787978786
- 0x1e296:$string1: HawkEye_Keylogger
- 0x1f0e9:$string1: HawkEye_Keylogger
- 0x1fdf9:$string1: HawkEye_Keylogger
- 0x1e67f:$string2: holdermail.txt
- 0x1e69f:$string2: holdermail.txt
- 0x1e5c1:$string3: wallet.dat
- 0x1e5d9:$string3: wallet.dat
- 0x1e5ef:$string3: wallet.dat
- 0x1f9bd:$string4: Keylog Records
- 0x1fcd5:$string4: Keylog Records
- 0x1fef1:$string5: do not script -->
- 0x1dc3d:$string6: \pidloc.txt
- 0x1dccb:$string7: BSPLIT
- 0x1dcdb:$string7: BSPLIT
|
27.2.hawkgoods.exe.a9fa72.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.2.hawkgoods.exe.a9fa72.1.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
27.2.hawkgoods.exe.a9fa72.1.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ee:$hawkstr1: HawkEye Keylogger
- 0x1f12f:$hawkstr1: HawkEye Keylogger
- 0x1f45e:$hawkstr1: HawkEye Keylogger
- 0x1f5b9:$hawkstr1: HawkEye Keylogger
- 0x1f71c:$hawkstr1: HawkEye Keylogger
- 0x1f995:$hawkstr1: HawkEye Keylogger
- 0x1de7c:$hawkstr2: Dear HawkEye Customers!
- 0x1f4b1:$hawkstr2: Dear HawkEye Customers!
- 0x1f608:$hawkstr2: Dear HawkEye Customers!
- 0x1f76f:$hawkstr2: Dear HawkEye Customers!
- 0x1df9d:$hawkstr3: HawkEye Logger Details:
|
8.2.Matiexgoods.exe.f9277c.1.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
27.2.hawkgoods.exe.41b7e00.7.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.2.hawkgoods.exe.7c90000.10.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
6.2.hawkgoods.exe.2f8208.2.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
6.2.hawkgoods.exe.2f8208.2.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x754bf:$key: HawkEyeKeylogger
- 0x77703:$salt: 099u787978786
- 0x75b00:$string1: HawkEye_Keylogger
- 0x76953:$string1: HawkEye_Keylogger
- 0x77663:$string1: HawkEye_Keylogger
- 0x75ee9:$string2: holdermail.txt
- 0x75f09:$string2: holdermail.txt
- 0x75e2b:$string3: wallet.dat
- 0x75e43:$string3: wallet.dat
- 0x75e59:$string3: wallet.dat
- 0x77227:$string4: Keylog Records
- 0x7753f:$string4: Keylog Records
- 0x7775b:$string5: do not script -->
- 0x754a7:$string6: \pidloc.txt
- 0x75535:$string7: BSPLIT
- 0x75545:$string7: BSPLIT
|
6.2.hawkgoods.exe.2f8208.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.2.hawkgoods.exe.2f8208.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
6.2.hawkgoods.exe.2f8208.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
6.2.hawkgoods.exe.2f8208.2.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b58:$hawkstr1: HawkEye Keylogger
- 0x76999:$hawkstr1: HawkEye Keylogger
- 0x76cc8:$hawkstr1: HawkEye Keylogger
- 0x76e23:$hawkstr1: HawkEye Keylogger
- 0x76f86:$hawkstr1: HawkEye Keylogger
- 0x771ff:$hawkstr1: HawkEye Keylogger
- 0x756e6:$hawkstr2: Dear HawkEye Customers!
- 0x76d1b:$hawkstr2: Dear HawkEye Customers!
- 0x76e72:$hawkstr2: Dear HawkEye Customers!
- 0x76fd9:$hawkstr2: Dear HawkEye Customers!
- 0x75807:$hawkstr3: HawkEye Logger Details:
|
28.0.origigoods40.exe.e20000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
6.2.hawkgoods.exe.2f0000.0.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
6.2.hawkgoods.exe.2f0000.0.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b8c7:$key: HawkEyeKeylogger
- 0x7db0b:$salt: 099u787978786
- 0x7bf08:$string1: HawkEye_Keylogger
- 0x7cd5b:$string1: HawkEye_Keylogger
- 0x7da6b:$string1: HawkEye_Keylogger
- 0x7c2f1:$string2: holdermail.txt
- 0x7c311:$string2: holdermail.txt
- 0x7c233:$string3: wallet.dat
- 0x7c24b:$string3: wallet.dat
- 0x7c261:$string3: wallet.dat
- 0x7d62f:$string4: Keylog Records
- 0x7d947:$string4: Keylog Records
- 0x7db63:$string5: do not script -->
- 0x7b8af:$string6: \pidloc.txt
- 0x7b93d:$string7: BSPLIT
- 0x7b94d:$string7: BSPLIT
|
6.2.hawkgoods.exe.2f0000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.2.hawkgoods.exe.2f0000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
6.2.hawkgoods.exe.2f0000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
6.2.hawkgoods.exe.2f0000.0.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf60:$hawkstr1: HawkEye Keylogger
- 0x7cda1:$hawkstr1: HawkEye Keylogger
- 0x7d0d0:$hawkstr1: HawkEye Keylogger
- 0x7d22b:$hawkstr1: HawkEye Keylogger
- 0x7d38e:$hawkstr1: HawkEye Keylogger
- 0x7d607:$hawkstr1: HawkEye Keylogger
- 0x7baee:$hawkstr2: Dear HawkEye Customers!
- 0x7d123:$hawkstr2: Dear HawkEye Customers!
- 0x7d27a:$hawkstr2: Dear HawkEye Customers!
- 0x7d3e1:$hawkstr2: Dear HawkEye Customers!
- 0x7bc0f:$hawkstr3: HawkEye Logger Details:
|
34.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.0.hawkgoods.exe.2f8208.2.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
6.0.hawkgoods.exe.2f8208.2.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x754bf:$key: HawkEyeKeylogger
- 0x77703:$salt: 099u787978786
- 0x75b00:$string1: HawkEye_Keylogger
- 0x76953:$string1: HawkEye_Keylogger
- 0x77663:$string1: HawkEye_Keylogger
- 0x75ee9:$string2: holdermail.txt
- 0x75f09:$string2: holdermail.txt
- 0x75e2b:$string3: wallet.dat
- 0x75e43:$string3: wallet.dat
- 0x75e59:$string3: wallet.dat
- 0x77227:$string4: Keylog Records
- 0x7753f:$string4: Keylog Records
- 0x7775b:$string5: do not script -->
- 0x754a7:$string6: \pidloc.txt
- 0x75535:$string7: BSPLIT
- 0x75545:$string7: BSPLIT
|
6.0.hawkgoods.exe.2f8208.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.0.hawkgoods.exe.2f8208.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
6.0.hawkgoods.exe.2f8208.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
6.0.hawkgoods.exe.2f8208.2.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b58:$hawkstr1: HawkEye Keylogger
- 0x76999:$hawkstr1: HawkEye Keylogger
- 0x76cc8:$hawkstr1: HawkEye Keylogger
- 0x76e23:$hawkstr1: HawkEye Keylogger
- 0x76f86:$hawkstr1: HawkEye Keylogger
- 0x771ff:$hawkstr1: HawkEye Keylogger
- 0x756e6:$hawkstr2: Dear HawkEye Customers!
- 0x76d1b:$hawkstr2: Dear HawkEye Customers!
- 0x76e72:$hawkstr2: Dear HawkEye Customers!
- 0x76fd9:$hawkstr2: Dear HawkEye Customers!
- 0x75807:$hawkstr3: HawkEye Logger Details:
|
6.2.hawkgoods.exe.3a40240.6.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
7.2.origigoods40.exe.c30000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
30.2.Matiexgoods.exe.bd0000.0.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
31.0.origigoods20.exe.720000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x79ac7:$key: HawkEyeKeylogger
- 0x7bd0b:$salt: 099u787978786
- 0x7a108:$string1: HawkEye_Keylogger
- 0x7af5b:$string1: HawkEye_Keylogger
- 0x7bc6b:$string1: HawkEye_Keylogger
- 0x7a4f1:$string2: holdermail.txt
- 0x7a511:$string2: holdermail.txt
- 0x7a433:$string3: wallet.dat
- 0x7a44b:$string3: wallet.dat
- 0x7a461:$string3: wallet.dat
- 0x7b82f:$string4: Keylog Records
- 0x7bb47:$string4: Keylog Records
- 0x7bd63:$string5: do not script -->
- 0x79aaf:$string6: \pidloc.txt
- 0x79b3d:$string7: BSPLIT
- 0x79b4d:$string7: BSPLIT
|
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7a160:$hawkstr1: HawkEye Keylogger
- 0x7afa1:$hawkstr1: HawkEye Keylogger
- 0x7b2d0:$hawkstr1: HawkEye Keylogger
- 0x7b42b:$hawkstr1: HawkEye Keylogger
- 0x7b58e:$hawkstr1: HawkEye Keylogger
- 0x7b807:$hawkstr1: HawkEye Keylogger
- 0x79cee:$hawkstr2: Dear HawkEye Customers!
- 0x7b323:$hawkstr2: Dear HawkEye Customers!
- 0x7b47a:$hawkstr2: Dear HawkEye Customers!
- 0x7b5e1:$hawkstr2: Dear HawkEye Customers!
- 0x79e0f:$hawkstr3: HawkEye Logger Details:
|
8.0.Matiexgoods.exe.f9277c.1.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
5.2.RegAsm.exe.4031bf.1.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
5.2.RegAsm.exe.4031bf.1.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b8c7:$key: HawkEyeKeylogger
- 0x7db0b:$salt: 099u787978786
- 0x7bf08:$string1: HawkEye_Keylogger
- 0x7cd5b:$string1: HawkEye_Keylogger
- 0x7da6b:$string1: HawkEye_Keylogger
- 0x7c2f1:$string2: holdermail.txt
- 0x7c311:$string2: holdermail.txt
- 0x7c233:$string3: wallet.dat
- 0x7c24b:$string3: wallet.dat
- 0x7c261:$string3: wallet.dat
- 0x7d62f:$string4: Keylog Records
- 0x7d947:$string4: Keylog Records
- 0x7db63:$string5: do not script -->
- 0x7b8af:$string6: \pidloc.txt
- 0x7b93d:$string7: BSPLIT
- 0x7b94d:$string7: BSPLIT
|
5.2.RegAsm.exe.4031bf.1.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
5.2.RegAsm.exe.4031bf.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
5.2.RegAsm.exe.4031bf.1.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
5.2.RegAsm.exe.4031bf.1.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
5.2.RegAsm.exe.4031bf.1.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf60:$hawkstr1: HawkEye Keylogger
- 0x7cda1:$hawkstr1: HawkEye Keylogger
- 0x7d0d0:$hawkstr1: HawkEye Keylogger
- 0x7d22b:$hawkstr1: HawkEye Keylogger
- 0x7d38e:$hawkstr1: HawkEye Keylogger
- 0x7d607:$hawkstr1: HawkEye Keylogger
- 0x7baee:$hawkstr2: Dear HawkEye Customers!
- 0x7d123:$hawkstr2: Dear HawkEye Customers!
- 0x7d27a:$hawkstr2: Dear HawkEye Customers!
- 0x7d3e1:$hawkstr2: Dear HawkEye Customers!
- 0x7bc0f:$hawkstr3: HawkEye Logger Details:
|
5.2.RegAsm.exe.40afcc.3.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.2.hawkgoods.exe.7f40000.11.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
8.0.Matiexgoods.exe.f70000.0.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
26.2.RegAsm.exe.40afcc.3.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
35.2.vbc.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
6.2.hawkgoods.exe.3a27e00.7.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.0.hawkgoods.exe.a40000.0.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
27.0.hawkgoods.exe.a40000.0.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b8c7:$key: HawkEyeKeylogger
- 0x7db0b:$salt: 099u787978786
- 0x7bf08:$string1: HawkEye_Keylogger
- 0x7cd5b:$string1: HawkEye_Keylogger
- 0x7da6b:$string1: HawkEye_Keylogger
- 0x7c2f1:$string2: holdermail.txt
- 0x7c311:$string2: holdermail.txt
- 0x7c233:$string3: wallet.dat
- 0x7c24b:$string3: wallet.dat
- 0x7c261:$string3: wallet.dat
- 0x7d62f:$string4: Keylog Records
- 0x7d947:$string4: Keylog Records
- 0x7db63:$string5: do not script -->
- 0x7b8af:$string6: \pidloc.txt
- 0x7b93d:$string7: BSPLIT
- 0x7b94d:$string7: BSPLIT
|
27.0.hawkgoods.exe.a40000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.0.hawkgoods.exe.a40000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
27.0.hawkgoods.exe.a40000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.0.hawkgoods.exe.a40000.0.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf60:$hawkstr1: HawkEye Keylogger
- 0x7cda1:$hawkstr1: HawkEye Keylogger
- 0x7d0d0:$hawkstr1: HawkEye Keylogger
- 0x7d22b:$hawkstr1: HawkEye Keylogger
- 0x7d38e:$hawkstr1: HawkEye Keylogger
- 0x7d607:$hawkstr1: HawkEye Keylogger
- 0x7baee:$hawkstr2: Dear HawkEye Customers!
- 0x7d123:$hawkstr2: Dear HawkEye Customers!
- 0x7d27a:$hawkstr2: Dear HawkEye Customers!
- 0x7d3e1:$hawkstr2: Dear HawkEye Customers!
- 0x7bc0f:$hawkstr3: HawkEye Logger Details:
|
5.2.RegAsm.exe.4031bf.1.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
5.2.RegAsm.exe.4031bf.1.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x79ac7:$key: HawkEyeKeylogger
- 0x7bd0b:$salt: 099u787978786
- 0x7a108:$string1: HawkEye_Keylogger
- 0x7af5b:$string1: HawkEye_Keylogger
- 0x7bc6b:$string1: HawkEye_Keylogger
- 0x7a4f1:$string2: holdermail.txt
- 0x7a511:$string2: holdermail.txt
- 0x7a433:$string3: wallet.dat
- 0x7a44b:$string3: wallet.dat
- 0x7a461:$string3: wallet.dat
- 0x7b82f:$string4: Keylog Records
- 0x7bb47:$string4: Keylog Records
- 0x7bd63:$string5: do not script -->
- 0x79aaf:$string6: \pidloc.txt
- 0x79b3d:$string7: BSPLIT
- 0x79b4d:$string7: BSPLIT
|
5.2.RegAsm.exe.4031bf.1.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
5.2.RegAsm.exe.4031bf.1.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
5.2.RegAsm.exe.4031bf.1.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
5.2.RegAsm.exe.4031bf.1.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7a160:$hawkstr1: HawkEye Keylogger
- 0x7afa1:$hawkstr1: HawkEye Keylogger
- 0x7b2d0:$hawkstr1: HawkEye Keylogger
- 0x7b42b:$hawkstr1: HawkEye Keylogger
- 0x7b58e:$hawkstr1: HawkEye Keylogger
- 0x7b807:$hawkstr1: HawkEye Keylogger
- 0x79cee:$hawkstr2: Dear HawkEye Customers!
- 0x7b323:$hawkstr2: Dear HawkEye Customers!
- 0x7b47a:$hawkstr2: Dear HawkEye Customers!
- 0x7b5e1:$hawkstr2: Dear HawkEye Customers!
- 0x79e0f:$hawkstr3: HawkEye Logger Details:
|
34.2.vbc.exe.400000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.0.hawkgoods.exe.a49c0d.2.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.2.hawkgoods.exe.a48208.3.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
27.2.hawkgoods.exe.a48208.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x754bf:$key: HawkEyeKeylogger
- 0x77703:$salt: 099u787978786
- 0x75b00:$string1: HawkEye_Keylogger
- 0x76953:$string1: HawkEye_Keylogger
- 0x77663:$string1: HawkEye_Keylogger
- 0x75ee9:$string2: holdermail.txt
- 0x75f09:$string2: holdermail.txt
- 0x75e2b:$string3: wallet.dat
- 0x75e43:$string3: wallet.dat
- 0x75e59:$string3: wallet.dat
- 0x77227:$string4: Keylog Records
- 0x7753f:$string4: Keylog Records
- 0x7775b:$string5: do not script -->
- 0x754a7:$string6: \pidloc.txt
- 0x75535:$string7: BSPLIT
- 0x75545:$string7: BSPLIT
|
27.2.hawkgoods.exe.a48208.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
27.2.hawkgoods.exe.a48208.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
27.2.hawkgoods.exe.a48208.3.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.2.hawkgoods.exe.a48208.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b58:$hawkstr1: HawkEye Keylogger
- 0x76999:$hawkstr1: HawkEye Keylogger
- 0x76cc8:$hawkstr1: HawkEye Keylogger
- 0x76e23:$hawkstr1: HawkEye Keylogger
- 0x76f86:$hawkstr1: HawkEye Keylogger
- 0x771ff:$hawkstr1: HawkEye Keylogger
- 0x756e6:$hawkstr2: Dear HawkEye Customers!
- 0x76d1b:$hawkstr2: Dear HawkEye Customers!
- 0x76e72:$hawkstr2: Dear HawkEye Customers!
- 0x76fd9:$hawkstr2: Dear HawkEye Customers!
- 0x75807:$hawkstr3: HawkEye Logger Details:
|
18.2.vbc.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
27.2.hawkgoods.exe.31f8c9c.5.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
6.0.hawkgoods.exe.2f9c0d.1.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x73aba:$key: HawkEyeKeylogger
- 0x75cfe:$salt: 099u787978786
- 0x740fb:$string1: HawkEye_Keylogger
- 0x74f4e:$string1: HawkEye_Keylogger
- 0x75c5e:$string1: HawkEye_Keylogger
- 0x744e4:$string2: holdermail.txt
- 0x74504:$string2: holdermail.txt
- 0x74426:$string3: wallet.dat
- 0x7443e:$string3: wallet.dat
- 0x74454:$string3: wallet.dat
- 0x75822:$string4: Keylog Records
- 0x75b3a:$string4: Keylog Records
- 0x75d56:$string5: do not script -->
- 0x73aa2:$string6: \pidloc.txt
- 0x73b30:$string7: BSPLIT
- 0x73b40:$string7: BSPLIT
|
6.0.hawkgoods.exe.2f9c0d.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.0.hawkgoods.exe.2f9c0d.1.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
6.0.hawkgoods.exe.2f9c0d.1.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
6.0.hawkgoods.exe.2f9c0d.1.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74153:$hawkstr1: HawkEye Keylogger
- 0x74f94:$hawkstr1: HawkEye Keylogger
- 0x752c3:$hawkstr1: HawkEye Keylogger
- 0x7541e:$hawkstr1: HawkEye Keylogger
- 0x75581:$hawkstr1: HawkEye Keylogger
- 0x757fa:$hawkstr1: HawkEye Keylogger
- 0x73ce1:$hawkstr2: Dear HawkEye Customers!
- 0x75316:$hawkstr2: Dear HawkEye Customers!
- 0x7546d:$hawkstr2: Dear HawkEye Customers!
- 0x755d4:$hawkstr2: Dear HawkEye Customers!
- 0x73e02:$hawkstr3: HawkEye Logger Details:
|
17.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x79ac7:$key: HawkEyeKeylogger
- 0x7bd0b:$salt: 099u787978786
- 0x7a108:$string1: HawkEye_Keylogger
- 0x7af5b:$string1: HawkEye_Keylogger
- 0x7bc6b:$string1: HawkEye_Keylogger
- 0x7a4f1:$string2: holdermail.txt
- 0x7a511:$string2: holdermail.txt
- 0x7a433:$string3: wallet.dat
- 0x7a44b:$string3: wallet.dat
- 0x7a461:$string3: wallet.dat
- 0x7b82f:$string4: Keylog Records
- 0x7bb47:$string4: Keylog Records
- 0x7bd63:$string5: do not script -->
- 0x79aaf:$string6: \pidloc.txt
- 0x79b3d:$string7: BSPLIT
- 0x79b4d:$string7: BSPLIT
|
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7a160:$hawkstr1: HawkEye Keylogger
- 0x7afa1:$hawkstr1: HawkEye Keylogger
- 0x7b2d0:$hawkstr1: HawkEye Keylogger
- 0x7b42b:$hawkstr1: HawkEye Keylogger
- 0x7b58e:$hawkstr1: HawkEye Keylogger
- 0x7b807:$hawkstr1: HawkEye Keylogger
- 0x79cee:$hawkstr2: Dear HawkEye Customers!
- 0x7b323:$hawkstr2: Dear HawkEye Customers!
- 0x7b47a:$hawkstr2: Dear HawkEye Customers!
- 0x7b5e1:$hawkstr2: Dear HawkEye Customers!
- 0x79e0f:$hawkstr3: HawkEye Logger Details:
|
30.2.Matiexgoods.exe.bf277c.1.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
26.2.RegAsm.exe.400000.0.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x990e:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
26.2.RegAsm.exe.400000.0.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7ddb2:$key: HawkEyeKeylogger
- 0x7fff6:$salt: 099u787978786
- 0x7e3f3:$string1: HawkEye_Keylogger
- 0x7f246:$string1: HawkEye_Keylogger
- 0x7ff56:$string1: HawkEye_Keylogger
- 0x7e7dc:$string2: holdermail.txt
- 0x7e7fc:$string2: holdermail.txt
- 0x7e71e:$string3: wallet.dat
- 0x7e736:$string3: wallet.dat
- 0x7e74c:$string3: wallet.dat
- 0x7fb1a:$string4: Keylog Records
- 0x7fe32:$string4: Keylog Records
- 0x8004e:$string5: do not script -->
- 0x7dd9a:$string6: \pidloc.txt
- 0x7de28:$string7: BSPLIT
- 0x7de38:$string7: BSPLIT
|
26.2.RegAsm.exe.400000.0.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
26.2.RegAsm.exe.400000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
26.2.RegAsm.exe.400000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
26.2.RegAsm.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
26.2.RegAsm.exe.400000.0.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7e44b:$hawkstr1: HawkEye Keylogger
- 0x7f28c:$hawkstr1: HawkEye Keylogger
- 0x7f5bb:$hawkstr1: HawkEye Keylogger
- 0x7f716:$hawkstr1: HawkEye Keylogger
- 0x7f879:$hawkstr1: HawkEye Keylogger
- 0x7faf2:$hawkstr1: HawkEye Keylogger
- 0x7dfd9:$hawkstr2: Dear HawkEye Customers!
- 0x7f60e:$hawkstr2: Dear HawkEye Customers!
- 0x7f765:$hawkstr2: Dear HawkEye Customers!
- 0x7f8cc:$hawkstr2: Dear HawkEye Customers!
- 0x7e0fa:$hawkstr3: HawkEye Logger Details:
|
27.2.hawkgoods.exe.a49c0d.2.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
18.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
30.0.Matiexgoods.exe.bf277c.1.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
6.2.hawkgoods.exe.34fa72.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1dc55:$key: HawkEyeKeylogger
- 0x1fe99:$salt: 099u787978786
- 0x1e296:$string1: HawkEye_Keylogger
- 0x1f0e9:$string1: HawkEye_Keylogger
- 0x1fdf9:$string1: HawkEye_Keylogger
- 0x1e67f:$string2: holdermail.txt
- 0x1e69f:$string2: holdermail.txt
- 0x1e5c1:$string3: wallet.dat
- 0x1e5d9:$string3: wallet.dat
- 0x1e5ef:$string3: wallet.dat
- 0x1f9bd:$string4: Keylog Records
- 0x1fcd5:$string4: Keylog Records
- 0x1fef1:$string5: do not script -->
- 0x1dc3d:$string6: \pidloc.txt
- 0x1dccb:$string7: BSPLIT
- 0x1dcdb:$string7: BSPLIT
|
6.2.hawkgoods.exe.34fa72.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.2.hawkgoods.exe.34fa72.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
6.2.hawkgoods.exe.34fa72.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ee:$hawkstr1: HawkEye Keylogger
- 0x1f12f:$hawkstr1: HawkEye Keylogger
- 0x1f45e:$hawkstr1: HawkEye Keylogger
- 0x1f5b9:$hawkstr1: HawkEye Keylogger
- 0x1f71c:$hawkstr1: HawkEye Keylogger
- 0x1f995:$hawkstr1: HawkEye Keylogger
- 0x1de7c:$hawkstr2: Dear HawkEye Customers!
- 0x1f4b1:$hawkstr2: Dear HawkEye Customers!
- 0x1f608:$hawkstr2: Dear HawkEye Customers!
- 0x1f76f:$hawkstr2: Dear HawkEye Customers!
- 0x1df9d:$hawkstr3: HawkEye Logger Details:
|
26.2.RegAsm.exe.4095c7.1.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
26.2.RegAsm.exe.4095c7.1.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x754bf:$key: HawkEyeKeylogger
- 0x77703:$salt: 099u787978786
- 0x75b00:$string1: HawkEye_Keylogger
- 0x76953:$string1: HawkEye_Keylogger
- 0x77663:$string1: HawkEye_Keylogger
- 0x75ee9:$string2: holdermail.txt
- 0x75f09:$string2: holdermail.txt
- 0x75e2b:$string3: wallet.dat
- 0x75e43:$string3: wallet.dat
- 0x75e59:$string3: wallet.dat
- 0x77227:$string4: Keylog Records
- 0x7753f:$string4: Keylog Records
- 0x7775b:$string5: do not script -->
- 0x754a7:$string6: \pidloc.txt
- 0x75535:$string7: BSPLIT
- 0x75545:$string7: BSPLIT
|
26.2.RegAsm.exe.4095c7.1.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
26.2.RegAsm.exe.4095c7.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
26.2.RegAsm.exe.4095c7.1.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
26.2.RegAsm.exe.4095c7.1.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
26.2.RegAsm.exe.4095c7.1.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b58:$hawkstr1: HawkEye Keylogger
- 0x76999:$hawkstr1: HawkEye Keylogger
- 0x76cc8:$hawkstr1: HawkEye Keylogger
- 0x76e23:$hawkstr1: HawkEye Keylogger
- 0x76f86:$hawkstr1: HawkEye Keylogger
- 0x771ff:$hawkstr1: HawkEye Keylogger
- 0x756e6:$hawkstr2: Dear HawkEye Customers!
- 0x76d1b:$hawkstr2: Dear HawkEye Customers!
- 0x76e72:$hawkstr2: Dear HawkEye Customers!
- 0x76fd9:$hawkstr2: Dear HawkEye Customers!
- 0x75807:$hawkstr3: HawkEye Logger Details:
|
5.2.RegAsm.exe.4095c7.2.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
5.2.RegAsm.exe.4095c7.2.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x754bf:$key: HawkEyeKeylogger
- 0x77703:$salt: 099u787978786
- 0x75b00:$string1: HawkEye_Keylogger
- 0x76953:$string1: HawkEye_Keylogger
- 0x77663:$string1: HawkEye_Keylogger
- 0x75ee9:$string2: holdermail.txt
- 0x75f09:$string2: holdermail.txt
- 0x75e2b:$string3: wallet.dat
- 0x75e43:$string3: wallet.dat
- 0x75e59:$string3: wallet.dat
- 0x77227:$string4: Keylog Records
- 0x7753f:$string4: Keylog Records
- 0x7775b:$string5: do not script -->
- 0x754a7:$string6: \pidloc.txt
- 0x75535:$string7: BSPLIT
- 0x75545:$string7: BSPLIT
|
5.2.RegAsm.exe.4095c7.2.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
5.2.RegAsm.exe.4095c7.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
5.2.RegAsm.exe.4095c7.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
5.2.RegAsm.exe.4095c7.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
5.2.RegAsm.exe.4095c7.2.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b58:$hawkstr1: HawkEye Keylogger
- 0x76999:$hawkstr1: HawkEye Keylogger
- 0x76cc8:$hawkstr1: HawkEye Keylogger
- 0x76e23:$hawkstr1: HawkEye Keylogger
- 0x76f86:$hawkstr1: HawkEye Keylogger
- 0x771ff:$hawkstr1: HawkEye Keylogger
- 0x756e6:$hawkstr2: Dear HawkEye Customers!
- 0x76d1b:$hawkstr2: Dear HawkEye Customers!
- 0x76e72:$hawkstr2: Dear HawkEye Customers!
- 0x76fd9:$hawkstr2: Dear HawkEye Customers!
- 0x75807:$hawkstr3: HawkEye Logger Details:
|
5.2.RegAsm.exe.40afcc.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x73aba:$key: HawkEyeKeylogger
- 0x75cfe:$salt: 099u787978786
- 0x740fb:$string1: HawkEye_Keylogger
- 0x74f4e:$string1: HawkEye_Keylogger
- 0x75c5e:$string1: HawkEye_Keylogger
- 0x744e4:$string2: holdermail.txt
- 0x74504:$string2: holdermail.txt
- 0x74426:$string3: wallet.dat
- 0x7443e:$string3: wallet.dat
- 0x74454:$string3: wallet.dat
- 0x75822:$string4: Keylog Records
- 0x75b3a:$string4: Keylog Records
- 0x75d56:$string5: do not script -->
- 0x73aa2:$string6: \pidloc.txt
- 0x73b30:$string7: BSPLIT
- 0x73b40:$string7: BSPLIT
|
5.2.RegAsm.exe.40afcc.3.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
5.2.RegAsm.exe.40afcc.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
5.2.RegAsm.exe.40afcc.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
5.2.RegAsm.exe.40afcc.3.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
5.2.RegAsm.exe.40afcc.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74153:$hawkstr1: HawkEye Keylogger
- 0x74f94:$hawkstr1: HawkEye Keylogger
- 0x752c3:$hawkstr1: HawkEye Keylogger
- 0x7541e:$hawkstr1: HawkEye Keylogger
- 0x75581:$hawkstr1: HawkEye Keylogger
- 0x757fa:$hawkstr1: HawkEye Keylogger
- 0x73ce1:$hawkstr2: Dear HawkEye Customers!
- 0x75316:$hawkstr2: Dear HawkEye Customers!
- 0x7546d:$hawkstr2: Dear HawkEye Customers!
- 0x755d4:$hawkstr2: Dear HawkEye Customers!
- 0x73e02:$hawkstr3: HawkEye Logger Details:
|
6.2.hawkgoods.exe.2a689b0.5.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
5.2.RegAsm.exe.400000.0.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x990e:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
5.2.RegAsm.exe.400000.0.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7ddb2:$key: HawkEyeKeylogger
- 0x7fff6:$salt: 099u787978786
- 0x7e3f3:$string1: HawkEye_Keylogger
- 0x7f246:$string1: HawkEye_Keylogger
- 0x7ff56:$string1: HawkEye_Keylogger
- 0x7e7dc:$string2: holdermail.txt
- 0x7e7fc:$string2: holdermail.txt
- 0x7e71e:$string3: wallet.dat
- 0x7e736:$string3: wallet.dat
- 0x7e74c:$string3: wallet.dat
- 0x7fb1a:$string4: Keylog Records
- 0x7fe32:$string4: Keylog Records
- 0x8004e:$string5: do not script -->
- 0x7dd9a:$string6: \pidloc.txt
- 0x7de28:$string7: BSPLIT
- 0x7de38:$string7: BSPLIT
|
5.2.RegAsm.exe.400000.0.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
5.2.RegAsm.exe.400000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
5.2.RegAsm.exe.400000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
5.2.RegAsm.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
5.2.RegAsm.exe.400000.0.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7e44b:$hawkstr1: HawkEye Keylogger
- 0x7f28c:$hawkstr1: HawkEye Keylogger
- 0x7f5bb:$hawkstr1: HawkEye Keylogger
- 0x7f716:$hawkstr1: HawkEye Keylogger
- 0x7f879:$hawkstr1: HawkEye Keylogger
- 0x7faf2:$hawkstr1: HawkEye Keylogger
- 0x7dfd9:$hawkstr2: Dear HawkEye Customers!
- 0x7f60e:$hawkstr2: Dear HawkEye Customers!
- 0x7f765:$hawkstr2: Dear HawkEye Customers!
- 0x7f8cc:$hawkstr2: Dear HawkEye Customers!
- 0x7e0fa:$hawkstr3: HawkEye Logger Details:
|
26.2.RegAsm.exe.40afcc.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x73aba:$key: HawkEyeKeylogger
- 0x75cfe:$salt: 099u787978786
- 0x740fb:$string1: HawkEye_Keylogger
- 0x74f4e:$string1: HawkEye_Keylogger
- 0x75c5e:$string1: HawkEye_Keylogger
- 0x744e4:$string2: holdermail.txt
- 0x74504:$string2: holdermail.txt
- 0x74426:$string3: wallet.dat
- 0x7443e:$string3: wallet.dat
- 0x74454:$string3: wallet.dat
- 0x75822:$string4: Keylog Records
- 0x75b3a:$string4: Keylog Records
- 0x75d56:$string5: do not script -->
- 0x73aa2:$string6: \pidloc.txt
- 0x73b30:$string7: BSPLIT
- 0x73b40:$string7: BSPLIT
|
26.2.RegAsm.exe.40afcc.3.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
26.2.RegAsm.exe.40afcc.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
26.2.RegAsm.exe.40afcc.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
26.2.RegAsm.exe.40afcc.3.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
26.2.RegAsm.exe.40afcc.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74153:$hawkstr1: HawkEye Keylogger
- 0x74f94:$hawkstr1: HawkEye Keylogger
- 0x752c3:$hawkstr1: HawkEye Keylogger
- 0x7541e:$hawkstr1: HawkEye Keylogger
- 0x75581:$hawkstr1: HawkEye Keylogger
- 0x757fa:$hawkstr1: HawkEye Keylogger
- 0x73ce1:$hawkstr2: Dear HawkEye Customers!
- 0x75316:$hawkstr2: Dear HawkEye Customers!
- 0x7546d:$hawkstr2: Dear HawkEye Customers!
- 0x755d4:$hawkstr2: Dear HawkEye Customers!
- 0x73e02:$hawkstr3: HawkEye Logger Details:
|
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x890e:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7cdb2:$key: HawkEyeKeylogger
- 0x7eff6:$salt: 099u787978786
- 0x7d3f3:$string1: HawkEye_Keylogger
- 0x7e246:$string1: HawkEye_Keylogger
- 0x7ef56:$string1: HawkEye_Keylogger
- 0x7d7dc:$string2: holdermail.txt
- 0x7d7fc:$string2: holdermail.txt
- 0x7d71e:$string3: wallet.dat
- 0x7d736:$string3: wallet.dat
- 0x7d74c:$string3: wallet.dat
- 0x7eb1a:$string4: Keylog Records
- 0x7ee32:$string4: Keylog Records
- 0x7f04e:$string5: do not script -->
- 0x7cd9a:$string6: \pidloc.txt
- 0x7ce28:$string7: BSPLIT
- 0x7ce38:$string7: BSPLIT
|
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7d44b:$hawkstr1: HawkEye Keylogger
- 0x7e28c:$hawkstr1: HawkEye Keylogger
- 0x7e5bb:$hawkstr1: HawkEye Keylogger
- 0x7e716:$hawkstr1: HawkEye Keylogger
- 0x7e879:$hawkstr1: HawkEye Keylogger
- 0x7eaf2:$hawkstr1: HawkEye Keylogger
- 0x7cfd9:$hawkstr2: Dear HawkEye Customers!
- 0x7e60e:$hawkstr2: Dear HawkEye Customers!
- 0x7e765:$hawkstr2: Dear HawkEye Customers!
- 0x7e8cc:$hawkstr2: Dear HawkEye Customers!
- 0x7d0fa:$hawkstr3: HawkEye Logger Details:
|
26.2.RegAsm.exe.4031bf.2.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
26.2.RegAsm.exe.4031bf.2.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b8c7:$key: HawkEyeKeylogger
- 0x7db0b:$salt: 099u787978786
- 0x7bf08:$string1: HawkEye_Keylogger
- 0x7cd5b:$string1: HawkEye_Keylogger
- 0x7da6b:$string1: HawkEye_Keylogger
- 0x7c2f1:$string2: holdermail.txt
- 0x7c311:$string2: holdermail.txt
- 0x7c233:$string3: wallet.dat
- 0x7c24b:$string3: wallet.dat
- 0x7c261:$string3: wallet.dat
- 0x7d62f:$string4: Keylog Records
- 0x7d947:$string4: Keylog Records
- 0x7db63:$string5: do not script -->
- 0x7b8af:$string6: \pidloc.txt
- 0x7b93d:$string7: BSPLIT
- 0x7b94d:$string7: BSPLIT
|
26.2.RegAsm.exe.4031bf.2.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
27.2.hawkgoods.exe.31d8e20.4.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x20e97:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
27.2.hawkgoods.exe.31d8e20.4.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x5360:$key: HawkEyeKeylogger
- 0x5a50:$salt: 099u787978786
- 0x1a7ac:$string1: HawkEye_Keylogger
- 0x1fb80:$string1: HawkEye_Keylogger
- 0x1d434:$string2: holdermail.txt
- 0x1d464:$string2: holdermail.txt
- 0x1b38e:$string3: wallet.dat
- 0x1b3b6:$string3: wallet.dat
- 0x1b3dc:$string3: wallet.dat
- 0x1c6f0:$string4: Keylog Records
- 0x1ca26:$string4: Keylog Records
- 0xa0d4:$string5: do not script -->
- 0x5338:$string6: \pidloc.txt
- 0x5440:$string7: BSPLIT
- 0x5460:$string7: BSPLIT
|
27.2.hawkgoods.exe.31d8e20.4.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
27.2.hawkgoods.exe.31d8e20.4.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1a83c:$hawkstr1: HawkEye Keylogger
- 0x1b680:$hawkstr1: HawkEye Keylogger
- 0x1ba6c:$hawkstr1: HawkEye Keylogger
- 0x1c6c8:$hawkstr1: HawkEye Keylogger
- 0x1fbd8:$hawkstr1: HawkEye Keylogger
- 0x2d744:$hawkstr1: HawkEye Keylogger
- 0x1a2b4:$hawkstr2: Dear HawkEye Customers!
- 0x1b6e4:$hawkstr2: Dear HawkEye Customers!
- 0x1bad0:$hawkstr2: Dear HawkEye Customers!
- 0x2d7a4:$hawkstr2: Dear HawkEye Customers!
- 0x1a3e6:$hawkstr3: HawkEye Logger Details:
|
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x890e:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7cdb2:$key: HawkEyeKeylogger
- 0x7eff6:$salt: 099u787978786
- 0x7d3f3:$string1: HawkEye_Keylogger
- 0x7e246:$string1: HawkEye_Keylogger
- 0x7ef56:$string1: HawkEye_Keylogger
- 0x7d7dc:$string2: holdermail.txt
- 0x7d7fc:$string2: holdermail.txt
- 0x7d71e:$string3: wallet.dat
- 0x7d736:$string3: wallet.dat
- 0x7d74c:$string3: wallet.dat
- 0x7eb1a:$string4: Keylog Records
- 0x7ee32:$string4: Keylog Records
- 0x7f04e:$string5: do not script -->
- 0x7cd9a:$string6: \pidloc.txt
- 0x7ce28:$string7: BSPLIT
- 0x7ce38:$string7: BSPLIT
|
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7d44b:$hawkstr1: HawkEye Keylogger
- 0x7e28c:$hawkstr1: HawkEye Keylogger
- 0x7e5bb:$hawkstr1: HawkEye Keylogger
- 0x7e716:$hawkstr1: HawkEye Keylogger
- 0x7e879:$hawkstr1: HawkEye Keylogger
- 0x7eaf2:$hawkstr1: HawkEye Keylogger
- 0x7cfd9:$hawkstr2: Dear HawkEye Customers!
- 0x7e60e:$hawkstr2: Dear HawkEye Customers!
- 0x7e765:$hawkstr2: Dear HawkEye Customers!
- 0x7e8cc:$hawkstr2: Dear HawkEye Customers!
- 0x7d0fa:$hawkstr3: HawkEye Logger Details:
|
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x95e2:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x16a612:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x2c9632:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7da86:$key: HawkEyeKeylogger
- 0x1deab6:$key: HawkEyeKeylogger
- 0x33dad6:$key: HawkEyeKeylogger
- 0x7fcca:$salt: 099u787978786
- 0x1e0cfa:$salt: 099u787978786
- 0x33fd1a:$salt: 099u787978786
- 0x7e0c7:$string1: HawkEye_Keylogger
- 0x7ef1a:$string1: HawkEye_Keylogger
- 0x7fc2a:$string1: HawkEye_Keylogger
- 0x1df0f7:$string1: HawkEye_Keylogger
- 0x1dff4a:$string1: HawkEye_Keylogger
- 0x1e0c5a:$string1: HawkEye_Keylogger
- 0x33e117:$string1: HawkEye_Keylogger
- 0x33ef6a:$string1: HawkEye_Keylogger
- 0x33fc7a:$string1: HawkEye_Keylogger
- 0x7e4b0:$string2: holdermail.txt
- 0x7e4d0:$string2: holdermail.txt
- 0x1df4e0:$string2: holdermail.txt
- 0x1df500:$string2: holdermail.txt
- 0x33e500:$string2: holdermail.txt
- 0x33e520:$string2: holdermail.txt
|
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7e11f:$hawkstr1: HawkEye Keylogger
- 0x7ef60:$hawkstr1: HawkEye Keylogger
- 0x7f28f:$hawkstr1: HawkEye Keylogger
- 0x7f3ea:$hawkstr1: HawkEye Keylogger
- 0x7f54d:$hawkstr1: HawkEye Keylogger
- 0x7f7c6:$hawkstr1: HawkEye Keylogger
- 0x1df14f:$hawkstr1: HawkEye Keylogger
- 0x1dff90:$hawkstr1: HawkEye Keylogger
- 0x1e02bf:$hawkstr1: HawkEye Keylogger
- 0x1e041a:$hawkstr1: HawkEye Keylogger
- 0x1e057d:$hawkstr1: HawkEye Keylogger
- 0x1e07f6:$hawkstr1: HawkEye Keylogger
- 0x33e16f:$hawkstr1: HawkEye Keylogger
- 0x33efb0:$hawkstr1: HawkEye Keylogger
- 0x33f2df:$hawkstr1: HawkEye Keylogger
- 0x33f43a:$hawkstr1: HawkEye Keylogger
- 0x33f59d:$hawkstr1: HawkEye Keylogger
- 0x33f816:$hawkstr1: HawkEye Keylogger
- 0x7dcad:$hawkstr2: Dear HawkEye Customers!
- 0x7f2e2:$hawkstr2: Dear HawkEye Customers!
- 0x7f439:$hawkstr2: Dear HawkEye Customers!
|
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x168453:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x2c7473:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b8c7:$key: HawkEyeKeylogger
- 0x1dc8f7:$key: HawkEyeKeylogger
- 0x33b917:$key: HawkEyeKeylogger
- 0x7db0b:$salt: 099u787978786
- 0x1deb3b:$salt: 099u787978786
- 0x33db5b:$salt: 099u787978786
- 0x7bf08:$string1: HawkEye_Keylogger
- 0x7cd5b:$string1: HawkEye_Keylogger
- 0x7da6b:$string1: HawkEye_Keylogger
- 0x1dcf38:$string1: HawkEye_Keylogger
- 0x1ddd8b:$string1: HawkEye_Keylogger
- 0x1dea9b:$string1: HawkEye_Keylogger
- 0x33bf58:$string1: HawkEye_Keylogger
- 0x33cdab:$string1: HawkEye_Keylogger
- 0x33dabb:$string1: HawkEye_Keylogger
- 0x7c2f1:$string2: holdermail.txt
- 0x7c311:$string2: holdermail.txt
- 0x1dd321:$string2: holdermail.txt
- 0x1dd341:$string2: holdermail.txt
- 0x33c341:$string2: holdermail.txt
- 0x33c361:$string2: holdermail.txt
|
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf60:$hawkstr1: HawkEye Keylogger
- 0x7cda1:$hawkstr1: HawkEye Keylogger
- 0x7d0d0:$hawkstr1: HawkEye Keylogger
- 0x7d22b:$hawkstr1: HawkEye Keylogger
- 0x7d38e:$hawkstr1: HawkEye Keylogger
- 0x7d607:$hawkstr1: HawkEye Keylogger
- 0x1dcf90:$hawkstr1: HawkEye Keylogger
- 0x1dddd1:$hawkstr1: HawkEye Keylogger
- 0x1de100:$hawkstr1: HawkEye Keylogger
- 0x1de25b:$hawkstr1: HawkEye Keylogger
- 0x1de3be:$hawkstr1: HawkEye Keylogger
- 0x1de637:$hawkstr1: HawkEye Keylogger
- 0x33bfb0:$hawkstr1: HawkEye Keylogger
- 0x33cdf1:$hawkstr1: HawkEye Keylogger
- 0x33d120:$hawkstr1: HawkEye Keylogger
- 0x33d27b:$hawkstr1: HawkEye Keylogger
- 0x33d3de:$hawkstr1: HawkEye Keylogger
- 0x33d657:$hawkstr1: HawkEye Keylogger
- 0x7baee:$hawkstr2: Dear HawkEye Customers!
- 0x7d123:$hawkstr2: Dear HawkEye Customers!
- 0x7d27a:$hawkstr2: Dear HawkEye Customers!
|
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x168453:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x2c7473:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x2f6e52:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x457e82:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x5b6ea2:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x36b2f6:$key: HawkEyeKeylogger
- 0x4cc326:$key: HawkEyeKeylogger
- 0x62b346:$key: HawkEyeKeylogger
- 0x36d53a:$salt: 099u787978786
- 0x4ce56a:$salt: 099u787978786
- 0x62d58a:$salt: 099u787978786
- 0x36b937:$string1: HawkEye_Keylogger
- 0x36c78a:$string1: HawkEye_Keylogger
- 0x36d49a:$string1: HawkEye_Keylogger
- 0x4cc967:$string1: HawkEye_Keylogger
- 0x4cd7ba:$string1: HawkEye_Keylogger
- 0x4ce4ca:$string1: HawkEye_Keylogger
- 0x62b987:$string1: HawkEye_Keylogger
- 0x62c7da:$string1: HawkEye_Keylogger
- 0x62d4ea:$string1: HawkEye_Keylogger
- 0x36bd20:$string2: holdermail.txt
- 0x36bd40:$string2: holdermail.txt
- 0x4ccd50:$string2: holdermail.txt
- 0x4ccd70:$string2: holdermail.txt
- 0x62bd70:$string2: holdermail.txt
- 0x62bd90:$string2: holdermail.txt
|
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x36b98f:$hawkstr1: HawkEye Keylogger
- 0x36c7d0:$hawkstr1: HawkEye Keylogger
- 0x36caff:$hawkstr1: HawkEye Keylogger
- 0x36cc5a:$hawkstr1: HawkEye Keylogger
- 0x36cdbd:$hawkstr1: HawkEye Keylogger
- 0x36d036:$hawkstr1: HawkEye Keylogger
- 0x4cc9bf:$hawkstr1: HawkEye Keylogger
- 0x4cd800:$hawkstr1: HawkEye Keylogger
- 0x4cdb2f:$hawkstr1: HawkEye Keylogger
- 0x4cdc8a:$hawkstr1: HawkEye Keylogger
- 0x4cdded:$hawkstr1: HawkEye Keylogger
- 0x4ce066:$hawkstr1: HawkEye Keylogger
- 0x62b9df:$hawkstr1: HawkEye Keylogger
- 0x62c820:$hawkstr1: HawkEye Keylogger
- 0x62cb4f:$hawkstr1: HawkEye Keylogger
- 0x62ccaa:$hawkstr1: HawkEye Keylogger
- 0x62ce0d:$hawkstr1: HawkEye Keylogger
- 0x62d086:$hawkstr1: HawkEye Keylogger
- 0x36b51d:$hawkstr2: Dear HawkEye Customers!
- 0x36cb52:$hawkstr2: Dear HawkEye Customers!
- 0x36cca9:$hawkstr2: Dear HawkEye Customers!
|
26.2.RegAsm.exe.4031bf.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
26.2.RegAsm.exe.4031bf.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
26.2.RegAsm.exe.4031bf.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
26.2.RegAsm.exe.4031bf.2.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf60:$hawkstr1: HawkEye Keylogger
- 0x7cda1:$hawkstr1: HawkEye Keylogger
- 0x7d0d0:$hawkstr1: HawkEye Keylogger
- 0x7d22b:$hawkstr1: HawkEye Keylogger
- 0x7d38e:$hawkstr1: HawkEye Keylogger
- 0x7d607:$hawkstr1: HawkEye Keylogger
- 0x7baee:$hawkstr2: Dear HawkEye Customers!
- 0x7d123:$hawkstr2: Dear HawkEye Customers!
- 0x7d27a:$hawkstr2: Dear HawkEye Customers!
- 0x7d3e1:$hawkstr2: Dear HawkEye Customers!
- 0x7bc0f:$hawkstr3: HawkEye Logger Details:
|
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b8c7:$key: HawkEyeKeylogger
- 0x1dc8f7:$key: HawkEyeKeylogger
- 0x33b917:$key: HawkEyeKeylogger
- 0x7db0b:$salt: 099u787978786
- 0x1deb3b:$salt: 099u787978786
- 0x33db5b:$salt: 099u787978786
- 0x7bf08:$string1: HawkEye_Keylogger
- 0x7cd5b:$string1: HawkEye_Keylogger
- 0x7da6b:$string1: HawkEye_Keylogger
- 0x1dcf38:$string1: HawkEye_Keylogger
- 0x1ddd8b:$string1: HawkEye_Keylogger
- 0x1dea9b:$string1: HawkEye_Keylogger
- 0x33bf58:$string1: HawkEye_Keylogger
- 0x33cdab:$string1: HawkEye_Keylogger
- 0x33dabb:$string1: HawkEye_Keylogger
- 0x7c2f1:$string2: holdermail.txt
- 0x7c311:$string2: holdermail.txt
- 0x1dd321:$string2: holdermail.txt
- 0x1dd341:$string2: holdermail.txt
- 0x33c341:$string2: holdermail.txt
- 0x33c361:$string2: holdermail.txt
|
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf60:$hawkstr1: HawkEye Keylogger
- 0x7cda1:$hawkstr1: HawkEye Keylogger
- 0x7d0d0:$hawkstr1: HawkEye Keylogger
- 0x7d22b:$hawkstr1: HawkEye Keylogger
- 0x7d38e:$hawkstr1: HawkEye Keylogger
- 0x7d607:$hawkstr1: HawkEye Keylogger
- 0x1dcf90:$hawkstr1: HawkEye Keylogger
- 0x1dddd1:$hawkstr1: HawkEye Keylogger
- 0x1de100:$hawkstr1: HawkEye Keylogger
- 0x1de25b:$hawkstr1: HawkEye Keylogger
- 0x1de3be:$hawkstr1: HawkEye Keylogger
- 0x1de637:$hawkstr1: HawkEye Keylogger
- 0x33bfb0:$hawkstr1: HawkEye Keylogger
- 0x33cdf1:$hawkstr1: HawkEye Keylogger
- 0x33d120:$hawkstr1: HawkEye Keylogger
- 0x33d27b:$hawkstr1: HawkEye Keylogger
- 0x33d3de:$hawkstr1: HawkEye Keylogger
- 0x33d657:$hawkstr1: HawkEye Keylogger
- 0x7baee:$hawkstr2: Dear HawkEye Customers!
- 0x7d123:$hawkstr2: Dear HawkEye Customers!
- 0x7d27a:$hawkstr2: Dear HawkEye Customers!
|
6.2.hawkgoods.exe.2a48e20.4.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x20bab:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
6.2.hawkgoods.exe.2a48e20.4.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x5178:$key: HawkEyeKeylogger
- 0x57c8:$salt: 099u787978786
- 0x1a2cc:$string1: HawkEye_Keylogger
- 0x1f894:$string1: HawkEye_Keylogger
- 0x1d1fc:$string2: holdermail.txt
- 0x1d22c:$string2: holdermail.txt
- 0x1b65a:$string3: wallet.dat
- 0x1b682:$string3: wallet.dat
- 0x1b6a8:$string3: wallet.dat
- 0x1c6f8:$string4: Keylog Records
- 0x1ca2e:$string4: Keylog Records
- 0x9e4c:$string5: do not script -->
- 0x5150:$string6: \pidloc.txt
- 0x5258:$string7: BSPLIT
- 0x5278:$string7: BSPLIT
|
6.2.hawkgoods.exe.2a48e20.4.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
6.2.hawkgoods.exe.2a48e20.4.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1a35c:$hawkstr1: HawkEye Keylogger
- 0x1b918:$hawkstr1: HawkEye Keylogger
- 0x1bcb0:$hawkstr1: HawkEye Keylogger
- 0x1c6d0:$hawkstr1: HawkEye Keylogger
- 0x1f8ec:$hawkstr1: HawkEye Keylogger
- 0xbfe14:$hawkstr1: HawkEye Keylogger
- 0x19dd4:$hawkstr2: Dear HawkEye Customers!
- 0x1b97c:$hawkstr2: Dear HawkEye Customers!
- 0x1bd14:$hawkstr2: Dear HawkEye Customers!
- 0xbfe74:$hawkstr2: Dear HawkEye Customers!
- 0x19f06:$hawkstr3: HawkEye Logger Details:
|
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x2f6e52:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x457e82:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x5b6ea2:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x36b2f6:$key: HawkEyeKeylogger
- 0x4cc326:$key: HawkEyeKeylogger
- 0x62b346:$key: HawkEyeKeylogger
- 0x36d53a:$salt: 099u787978786
- 0x4ce56a:$salt: 099u787978786
- 0x62d58a:$salt: 099u787978786
- 0x36b937:$string1: HawkEye_Keylogger
- 0x36c78a:$string1: HawkEye_Keylogger
- 0x36d49a:$string1: HawkEye_Keylogger
- 0x4cc967:$string1: HawkEye_Keylogger
- 0x4cd7ba:$string1: HawkEye_Keylogger
- 0x4ce4ca:$string1: HawkEye_Keylogger
- 0x62b987:$string1: HawkEye_Keylogger
- 0x62c7da:$string1: HawkEye_Keylogger
- 0x62d4ea:$string1: HawkEye_Keylogger
- 0x36bd20:$string2: holdermail.txt
- 0x36bd40:$string2: holdermail.txt
- 0x4ccd50:$string2: holdermail.txt
- 0x4ccd70:$string2: holdermail.txt
- 0x62bd70:$string2: holdermail.txt
- 0x62bd90:$string2: holdermail.txt
|
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x36b98f:$hawkstr1: HawkEye Keylogger
- 0x36c7d0:$hawkstr1: HawkEye Keylogger
- 0x36caff:$hawkstr1: HawkEye Keylogger
- 0x36cc5a:$hawkstr1: HawkEye Keylogger
- 0x36cdbd:$hawkstr1: HawkEye Keylogger
- 0x36d036:$hawkstr1: HawkEye Keylogger
- 0x4cc9bf:$hawkstr1: HawkEye Keylogger
- 0x4cd800:$hawkstr1: HawkEye Keylogger
- 0x4cdb2f:$hawkstr1: HawkEye Keylogger
- 0x4cdc8a:$hawkstr1: HawkEye Keylogger
- 0x4cdded:$hawkstr1: HawkEye Keylogger
- 0x4ce066:$hawkstr1: HawkEye Keylogger
- 0x62b9df:$hawkstr1: HawkEye Keylogger
- 0x62c820:$hawkstr1: HawkEye Keylogger
- 0x62cb4f:$hawkstr1: HawkEye Keylogger
- 0x62ccaa:$hawkstr1: HawkEye Keylogger
- 0x62ce0d:$hawkstr1: HawkEye Keylogger
- 0x62d086:$hawkstr1: HawkEye Keylogger
- 0x36b51d:$hawkstr2: Dear HawkEye Customers!
- 0x36cb52:$hawkstr2: Dear HawkEye Customers!
- 0x36cca9:$hawkstr2: Dear HawkEye Customers!
|
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x95e2:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x16a612:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x2c9632:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7da86:$key: HawkEyeKeylogger
- 0x1deab6:$key: HawkEyeKeylogger
- 0x33dad6:$key: HawkEyeKeylogger
- 0x7fcca:$salt: 099u787978786
- 0x1e0cfa:$salt: 099u787978786
- 0x33fd1a:$salt: 099u787978786
- 0x7e0c7:$string1: HawkEye_Keylogger
- 0x7ef1a:$string1: HawkEye_Keylogger
- 0x7fc2a:$string1: HawkEye_Keylogger
- 0x1df0f7:$string1: HawkEye_Keylogger
- 0x1dff4a:$string1: HawkEye_Keylogger
- 0x1e0c5a:$string1: HawkEye_Keylogger
- 0x33e117:$string1: HawkEye_Keylogger
- 0x33ef6a:$string1: HawkEye_Keylogger
- 0x33fc7a:$string1: HawkEye_Keylogger
- 0x7e4b0:$string2: holdermail.txt
- 0x7e4d0:$string2: holdermail.txt
- 0x1df4e0:$string2: holdermail.txt
- 0x1df500:$string2: holdermail.txt
- 0x33e500:$string2: holdermail.txt
- 0x33e520:$string2: holdermail.txt
|
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security | |
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7e11f:$hawkstr1: HawkEye Keylogger
- 0x7ef60:$hawkstr1: HawkEye Keylogger
- 0x7f28f:$hawkstr1: HawkEye Keylogger
- 0x7f3ea:$hawkstr1: HawkEye Keylogger
- 0x7f54d:$hawkstr1: HawkEye Keylogger
- 0x7f7c6:$hawkstr1: HawkEye Keylogger
- 0x1df14f:$hawkstr1: HawkEye Keylogger
- 0x1dff90:$hawkstr1: HawkEye Keylogger
- 0x1e02bf:$hawkstr1: HawkEye Keylogger
- 0x1e041a:$hawkstr1: HawkEye Keylogger
- 0x1e057d:$hawkstr1: HawkEye Keylogger
- 0x1e07f6:$hawkstr1: HawkEye Keylogger
- 0x33e16f:$hawkstr1: HawkEye Keylogger
- 0x33efb0:$hawkstr1: HawkEye Keylogger
- 0x33f2df:$hawkstr1: HawkEye Keylogger
- 0x33f43a:$hawkstr1: HawkEye Keylogger
- 0x33f59d:$hawkstr1: HawkEye Keylogger
- 0x33f816:$hawkstr1: HawkEye Keylogger
- 0x7dcad:$hawkstr2: Dear HawkEye Customers!
- 0x7f2e2:$hawkstr2: Dear HawkEye Customers!
- 0x7f439:$hawkstr2: Dear HawkEye Customers!
|