3.2.K409476485-03032021000.pdf.exe.7d30000.11.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
3.2.K409476485-03032021000.pdf.exe.85c0000.12.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
3.2.K409476485-03032021000.pdf.exe.2db0cb4.5.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
3.2.K409476485-03032021000.pdf.exe.3d79930.8.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.3d79930.8.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.45fa72.1.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1dca7:$key: HawkEyeKeylogger
- 0x1fea5:$salt: 099u787978786
- 0x1e2c0:$string1: HawkEye_Keylogger
- 0x1f113:$string1: HawkEye_Keylogger
- 0x1fe05:$string1: HawkEye_Keylogger
- 0x1e6a9:$string2: holdermail.txt
- 0x1e6c9:$string2: holdermail.txt
- 0x1e5eb:$string3: wallet.dat
- 0x1e603:$string3: wallet.dat
- 0x1e619:$string3: wallet.dat
- 0x1f9e7:$string4: Keylog Records
- 0x1fcff:$string4: Keylog Records
- 0x1fefd:$string5: do not script -->
- 0x1dc8f:$string6: \pidloc.txt
- 0x1dcf5:$string7: BSPLIT
- 0x1dd05:$string7: BSPLIT
|
3.2.K409476485-03032021000.pdf.exe.45fa72.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.45fa72.1.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.45fa72.1.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e318:$hawkstr1: HawkEye Keylogger
- 0x1f159:$hawkstr1: HawkEye Keylogger
- 0x1f488:$hawkstr1: HawkEye Keylogger
- 0x1f5e3:$hawkstr1: HawkEye Keylogger
- 0x1f746:$hawkstr1: HawkEye Keylogger
- 0x1f9bf:$hawkstr1: HawkEye Keylogger
- 0x1dea6:$hawkstr2: Dear HawkEye Customers!
- 0x1f4db:$hawkstr2: Dear HawkEye Customers!
- 0x1f632:$hawkstr2: Dear HawkEye Customers!
- 0x1f799:$hawkstr2: Dear HawkEye Customers!
- 0x1dfc7:$hawkstr3: HawkEye Logger Details:
|
3.2.K409476485-03032021000.pdf.exe.45fa72.1.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.3d91b50.7.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
7.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.409c0d.3.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
6.2.vbc.exe.400000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.2d9b520.6.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x167af:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
3.2.K409476485-03032021000.pdf.exe.2d9b520.6.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.2d9b520.6.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0xeec8:$hawkstr1: HawkEye Keylogger
- 0x12c28:$hawkstr1: HawkEye Keylogger
- 0x13004:$hawkstr1: HawkEye Keylogger
- 0x154fc:$hawkstr1: HawkEye Keylogger
- 0xe980:$hawkstr2: Dear HawkEye Customers!
- 0x12c88:$hawkstr2: Dear HawkEye Customers!
- 0x13064:$hawkstr2: Dear HawkEye Customers!
- 0xeaae:$hawkstr3: HawkEye Logger Details:
|
7.2.vbc.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.408208.2.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
3.2.K409476485-03032021000.pdf.exe.408208.2.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x75511:$key: HawkEyeKeylogger
- 0x7770f:$salt: 099u787978786
- 0x75b2a:$string1: HawkEye_Keylogger
- 0x7697d:$string1: HawkEye_Keylogger
- 0x7766f:$string1: HawkEye_Keylogger
- 0x75f13:$string2: holdermail.txt
- 0x75f33:$string2: holdermail.txt
- 0x75e55:$string3: wallet.dat
- 0x75e6d:$string3: wallet.dat
- 0x75e83:$string3: wallet.dat
- 0x77251:$string4: Keylog Records
- 0x77569:$string4: Keylog Records
- 0x77767:$string5: do not script -->
- 0x754f9:$string6: \pidloc.txt
- 0x7555f:$string7: BSPLIT
- 0x7556f:$string7: BSPLIT
|
3.2.K409476485-03032021000.pdf.exe.408208.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.408208.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.408208.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.408208.2.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b82:$hawkstr1: HawkEye Keylogger
- 0x769c3:$hawkstr1: HawkEye Keylogger
- 0x76cf2:$hawkstr1: HawkEye Keylogger
- 0x76e4d:$hawkstr1: HawkEye Keylogger
- 0x76fb0:$hawkstr1: HawkEye Keylogger
- 0x77229:$hawkstr1: HawkEye Keylogger
- 0x75710:$hawkstr2: Dear HawkEye Customers!
- 0x76d45:$hawkstr2: Dear HawkEye Customers!
- 0x76e9c:$hawkstr2: Dear HawkEye Customers!
- 0x77003:$hawkstr2: Dear HawkEye Customers!
- 0x75831:$hawkstr3: HawkEye Logger Details:
|
3.2.K409476485-03032021000.pdf.exe.3d79930.8.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
6.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.400000.0.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
3.2.K409476485-03032021000.pdf.exe.400000.0.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b919:$key: HawkEyeKeylogger
- 0x7db17:$salt: 099u787978786
- 0x7bf32:$string1: HawkEye_Keylogger
- 0x7cd85:$string1: HawkEye_Keylogger
- 0x7da77:$string1: HawkEye_Keylogger
- 0x7c31b:$string2: holdermail.txt
- 0x7c33b:$string2: holdermail.txt
- 0x7c25d:$string3: wallet.dat
- 0x7c275:$string3: wallet.dat
- 0x7c28b:$string3: wallet.dat
- 0x7d659:$string4: Keylog Records
- 0x7d971:$string4: Keylog Records
- 0x7db6f:$string5: do not script -->
- 0x7b901:$string6: \pidloc.txt
- 0x7b967:$string7: BSPLIT
- 0x7b977:$string7: BSPLIT
|
3.2.K409476485-03032021000.pdf.exe.400000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.400000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.400000.0.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf8a:$hawkstr1: HawkEye Keylogger
- 0x7cdcb:$hawkstr1: HawkEye Keylogger
- 0x7d0fa:$hawkstr1: HawkEye Keylogger
- 0x7d255:$hawkstr1: HawkEye Keylogger
- 0x7d3b8:$hawkstr1: HawkEye Keylogger
- 0x7d631:$hawkstr1: HawkEye Keylogger
- 0x7bb18:$hawkstr2: Dear HawkEye Customers!
- 0x7d14d:$hawkstr2: Dear HawkEye Customers!
- 0x7d2a4:$hawkstr2: Dear HawkEye Customers!
- 0x7d40b:$hawkstr2: Dear HawkEye Customers!
- 0x7bc39:$hawkstr3: HawkEye Logger Details:
|
3.2.K409476485-03032021000.pdf.exe.3d91b50.7.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.409c0d.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x73b0c:$key: HawkEyeKeylogger
- 0x75d0a:$salt: 099u787978786
- 0x74125:$string1: HawkEye_Keylogger
- 0x74f78:$string1: HawkEye_Keylogger
- 0x75c6a:$string1: HawkEye_Keylogger
- 0x7450e:$string2: holdermail.txt
- 0x7452e:$string2: holdermail.txt
- 0x74450:$string3: wallet.dat
- 0x74468:$string3: wallet.dat
- 0x7447e:$string3: wallet.dat
- 0x7584c:$string4: Keylog Records
- 0x75b64:$string4: Keylog Records
- 0x75d62:$string5: do not script -->
- 0x73af4:$string6: \pidloc.txt
- 0x73b5a:$string7: BSPLIT
- 0x73b6a:$string7: BSPLIT
|
3.2.K409476485-03032021000.pdf.exe.409c0d.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.409c0d.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.409c0d.3.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
3.2.K409476485-03032021000.pdf.exe.409c0d.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7417d:$hawkstr1: HawkEye Keylogger
- 0x74fbe:$hawkstr1: HawkEye Keylogger
- 0x752ed:$hawkstr1: HawkEye Keylogger
- 0x75448:$hawkstr1: HawkEye Keylogger
- 0x755ab:$hawkstr1: HawkEye Keylogger
- 0x75824:$hawkstr1: HawkEye Keylogger
- 0x73d0b:$hawkstr2: Dear HawkEye Customers!
- 0x75340:$hawkstr2: Dear HawkEye Customers!
- 0x75497:$hawkstr2: Dear HawkEye Customers!
- 0x755fe:$hawkstr2: Dear HawkEye Customers!
- 0x73e2c:$hawkstr3: HawkEye Logger Details:
|
1.2.K409476485-03032021000.pdf.exe.43175f0.2.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x2360d3:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x2b80f3:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
1.2.K409476485-03032021000.pdf.exe.43175f0.2.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x2aa5c9:$key: HawkEyeKeylogger
- 0x32c5e9:$key: HawkEyeKeylogger
- 0x2ac7c7:$salt: 099u787978786
- 0x32e7e7:$salt: 099u787978786
- 0x2aabe2:$string1: HawkEye_Keylogger
- 0x2aba35:$string1: HawkEye_Keylogger
- 0x2ac727:$string1: HawkEye_Keylogger
- 0x32cc02:$string1: HawkEye_Keylogger
- 0x32da55:$string1: HawkEye_Keylogger
- 0x32e747:$string1: HawkEye_Keylogger
- 0x2aafcb:$string2: holdermail.txt
- 0x2aafeb:$string2: holdermail.txt
- 0x32cfeb:$string2: holdermail.txt
- 0x32d00b:$string2: holdermail.txt
- 0x2aaf0d:$string3: wallet.dat
- 0x2aaf25:$string3: wallet.dat
- 0x2aaf3b:$string3: wallet.dat
- 0x32cf2d:$string3: wallet.dat
- 0x32cf45:$string3: wallet.dat
- 0x32cf5b:$string3: wallet.dat
- 0x2ac309:$string4: Keylog Records
|
1.2.K409476485-03032021000.pdf.exe.43175f0.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.43175f0.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.43175f0.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.43175f0.2.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x2aac3a:$hawkstr1: HawkEye Keylogger
- 0x2aba7b:$hawkstr1: HawkEye Keylogger
- 0x2abdaa:$hawkstr1: HawkEye Keylogger
- 0x2abf05:$hawkstr1: HawkEye Keylogger
- 0x2ac068:$hawkstr1: HawkEye Keylogger
- 0x2ac2e1:$hawkstr1: HawkEye Keylogger
- 0x32cc5a:$hawkstr1: HawkEye Keylogger
- 0x32da9b:$hawkstr1: HawkEye Keylogger
- 0x32ddca:$hawkstr1: HawkEye Keylogger
- 0x32df25:$hawkstr1: HawkEye Keylogger
- 0x32e088:$hawkstr1: HawkEye Keylogger
- 0x32e301:$hawkstr1: HawkEye Keylogger
- 0x2aa7c8:$hawkstr2: Dear HawkEye Customers!
- 0x2abdfd:$hawkstr2: Dear HawkEye Customers!
- 0x2abf54:$hawkstr2: Dear HawkEye Customers!
- 0x2ac0bb:$hawkstr2: Dear HawkEye Customers!
- 0x32c7e8:$hawkstr2: Dear HawkEye Customers!
- 0x32de1d:$hawkstr2: Dear HawkEye Customers!
- 0x32df74:$hawkstr2: Dear HawkEye Customers!
- 0x32e0db:$hawkstr2: Dear HawkEye Customers!
- 0x2aa8e9:$hawkstr3: HawkEye Logger Details:
|
1.2.K409476485-03032021000.pdf.exe.45462a0.3.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
1.2.K409476485-03032021000.pdf.exe.45462a0.3.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x79b19:$key: HawkEyeKeylogger
- 0x7bd17:$salt: 099u787978786
- 0x7a132:$string1: HawkEye_Keylogger
- 0x7af85:$string1: HawkEye_Keylogger
- 0x7bc77:$string1: HawkEye_Keylogger
- 0x7a51b:$string2: holdermail.txt
- 0x7a53b:$string2: holdermail.txt
- 0x7a45d:$string3: wallet.dat
- 0x7a475:$string3: wallet.dat
- 0x7a48b:$string3: wallet.dat
- 0x7b859:$string4: Keylog Records
- 0x7bb71:$string4: Keylog Records
- 0x7bd6f:$string5: do not script -->
- 0x79b01:$string6: \pidloc.txt
- 0x79b67:$string7: BSPLIT
- 0x79b77:$string7: BSPLIT
|
1.2.K409476485-03032021000.pdf.exe.45462a0.3.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.45462a0.3.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.45462a0.3.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.45462a0.3.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7a18a:$hawkstr1: HawkEye Keylogger
- 0x7afcb:$hawkstr1: HawkEye Keylogger
- 0x7b2fa:$hawkstr1: HawkEye Keylogger
- 0x7b455:$hawkstr1: HawkEye Keylogger
- 0x7b5b8:$hawkstr1: HawkEye Keylogger
- 0x7b831:$hawkstr1: HawkEye Keylogger
- 0x79d18:$hawkstr2: Dear HawkEye Customers!
- 0x7b34d:$hawkstr2: Dear HawkEye Customers!
- 0x7b4a4:$hawkstr2: Dear HawkEye Customers!
- 0x7b60b:$hawkstr2: Dear HawkEye Customers!
- 0x79e39:$hawkstr3: HawkEye Logger Details:
|
1.2.K409476485-03032021000.pdf.exe.2862894.1.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.45462a0.3.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x89443:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
1.2.K409476485-03032021000.pdf.exe.45462a0.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b919:$key: HawkEyeKeylogger
- 0xfd939:$key: HawkEyeKeylogger
- 0x7db17:$salt: 099u787978786
- 0xffb37:$salt: 099u787978786
- 0x7bf32:$string1: HawkEye_Keylogger
- 0x7cd85:$string1: HawkEye_Keylogger
- 0x7da77:$string1: HawkEye_Keylogger
- 0xfdf52:$string1: HawkEye_Keylogger
- 0xfeda5:$string1: HawkEye_Keylogger
- 0xffa97:$string1: HawkEye_Keylogger
- 0x7c31b:$string2: holdermail.txt
- 0x7c33b:$string2: holdermail.txt
- 0xfe33b:$string2: holdermail.txt
- 0xfe35b:$string2: holdermail.txt
- 0x7c25d:$string3: wallet.dat
- 0x7c275:$string3: wallet.dat
- 0x7c28b:$string3: wallet.dat
- 0xfe27d:$string3: wallet.dat
- 0xfe295:$string3: wallet.dat
- 0xfe2ab:$string3: wallet.dat
- 0x7d659:$string4: Keylog Records
|
1.2.K409476485-03032021000.pdf.exe.45462a0.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.45462a0.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.45462a0.3.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.45462a0.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf8a:$hawkstr1: HawkEye Keylogger
- 0x7cdcb:$hawkstr1: HawkEye Keylogger
- 0x7d0fa:$hawkstr1: HawkEye Keylogger
- 0x7d255:$hawkstr1: HawkEye Keylogger
- 0x7d3b8:$hawkstr1: HawkEye Keylogger
- 0x7d631:$hawkstr1: HawkEye Keylogger
- 0xfdfaa:$hawkstr1: HawkEye Keylogger
- 0xfedeb:$hawkstr1: HawkEye Keylogger
- 0xff11a:$hawkstr1: HawkEye Keylogger
- 0xff275:$hawkstr1: HawkEye Keylogger
- 0xff3d8:$hawkstr1: HawkEye Keylogger
- 0xff651:$hawkstr1: HawkEye Keylogger
- 0x7bb18:$hawkstr2: Dear HawkEye Customers!
- 0x7d14d:$hawkstr2: Dear HawkEye Customers!
- 0x7d2a4:$hawkstr2: Dear HawkEye Customers!
- 0x7d40b:$hawkstr2: Dear HawkEye Customers!
- 0xfdb38:$hawkstr2: Dear HawkEye Customers!
- 0xff16d:$hawkstr2: Dear HawkEye Customers!
- 0xff2c4:$hawkstr2: Dear HawkEye Customers!
- 0xff42b:$hawkstr2: Dear HawkEye Customers!
- 0x7bc39:$hawkstr3: HawkEye Logger Details:
|
1.2.K409476485-03032021000.pdf.exe.426efd0.4.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x2de6f3:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x360713:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
1.2.K409476485-03032021000.pdf.exe.426efd0.4.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x352be9:$key: HawkEyeKeylogger
- 0x3d4c09:$key: HawkEyeKeylogger
- 0x354de7:$salt: 099u787978786
- 0x3d6e07:$salt: 099u787978786
- 0x353202:$string1: HawkEye_Keylogger
- 0x354055:$string1: HawkEye_Keylogger
- 0x354d47:$string1: HawkEye_Keylogger
- 0x3d5222:$string1: HawkEye_Keylogger
- 0x3d6075:$string1: HawkEye_Keylogger
- 0x3d6d67:$string1: HawkEye_Keylogger
- 0x3535eb:$string2: holdermail.txt
- 0x35360b:$string2: holdermail.txt
- 0x3d560b:$string2: holdermail.txt
- 0x3d562b:$string2: holdermail.txt
- 0x35352d:$string3: wallet.dat
- 0x353545:$string3: wallet.dat
- 0x35355b:$string3: wallet.dat
- 0x3d554d:$string3: wallet.dat
- 0x3d5565:$string3: wallet.dat
- 0x3d557b:$string3: wallet.dat
- 0x354929:$string4: Keylog Records
|
1.2.K409476485-03032021000.pdf.exe.426efd0.4.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.426efd0.4.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.426efd0.4.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.2.K409476485-03032021000.pdf.exe.426efd0.4.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x35325a:$hawkstr1: HawkEye Keylogger
- 0x35409b:$hawkstr1: HawkEye Keylogger
- 0x3543ca:$hawkstr1: HawkEye Keylogger
- 0x354525:$hawkstr1: HawkEye Keylogger
- 0x354688:$hawkstr1: HawkEye Keylogger
- 0x354901:$hawkstr1: HawkEye Keylogger
- 0x3d527a:$hawkstr1: HawkEye Keylogger
- 0x3d60bb:$hawkstr1: HawkEye Keylogger
- 0x3d63ea:$hawkstr1: HawkEye Keylogger
- 0x3d6545:$hawkstr1: HawkEye Keylogger
- 0x3d66a8:$hawkstr1: HawkEye Keylogger
- 0x3d6921:$hawkstr1: HawkEye Keylogger
- 0x352de8:$hawkstr2: Dear HawkEye Customers!
- 0x35441d:$hawkstr2: Dear HawkEye Customers!
- 0x354574:$hawkstr2: Dear HawkEye Customers!
- 0x3546db:$hawkstr2: Dear HawkEye Customers!
- 0x3d4e08:$hawkstr2: Dear HawkEye Customers!
- 0x3d643d:$hawkstr2: Dear HawkEye Customers!
- 0x3d6594:$hawkstr2: Dear HawkEye Customers!
- 0x3d66fb:$hawkstr2: Dear HawkEye Customers!
- 0x352f09:$hawkstr3: HawkEye Logger Details:
|