00000005.00000000.227084659.00000000009C2000.00000002.00020000.sdmp | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b68e:$key: HawkEyeKeylogger
- 0x7d8e0:$salt: 099u787978786
- 0x7bcdd:$string1: HawkEye_Keylogger
- 0x7cb30:$string1: HawkEye_Keylogger
- 0x7d840:$string1: HawkEye_Keylogger
- 0x7c0c6:$string2: holdermail.txt
- 0x7c0e6:$string2: holdermail.txt
- 0x7c008:$string3: wallet.dat
- 0x7c020:$string3: wallet.dat
- 0x7c036:$string3: wallet.dat
- 0x7d422:$string4: Keylog Records
- 0x7d73a:$string4: Keylog Records
- 0x7d938:$string5: do not script -->
- 0x7b676:$string6: \pidloc.txt
- 0x7b704:$string7: BSPLIT
- 0x7b714:$string7: BSPLIT
|
00000005.00000000.227084659.00000000009C2000.00000002.00020000.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000005.00000000.227084659.00000000009C2000.00000002.00020000.sdmp | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
00000005.00000000.227084659.00000000009C2000.00000002.00020000.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
00000005.00000000.227084659.00000000009C2000.00000002.00020000.sdmp | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bd35:$hawkstr1: HawkEye Keylogger
- 0x7cb76:$hawkstr1: HawkEye Keylogger
- 0x7cea5:$hawkstr1: HawkEye Keylogger
- 0x7d000:$hawkstr1: HawkEye Keylogger
- 0x7d163:$hawkstr1: HawkEye Keylogger
- 0x7d3fa:$hawkstr1: HawkEye Keylogger
- 0x7b8c3:$hawkstr2: Dear HawkEye Customers!
- 0x7cef8:$hawkstr2: Dear HawkEye Customers!
- 0x7d04f:$hawkstr2: Dear HawkEye Customers!
- 0x7d1b6:$hawkstr2: Dear HawkEye Customers!
- 0x7b9e4:$hawkstr3: HawkEye Logger Details:
|
00000008.00000000.283523438.0000000003B61000.00000004.00000001.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000015.00000002.286698882.0000000000400000.00000040.00000001.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
00000008.00000002.313456976.0000000003D6C000.00000004.00000001.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
00000008.00000000.276336479.00000000003D2000.00000002.00020000.sdmp | RAT_PredatorPain | Detects PredatorPain RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b5df:$string1: holderwb.txt
- 0x7b5fb:$string1: holderwb.txt
- 0x7b761:$string3: There is a file attached to this email
- 0x7bd35:$string4: screens\screenshot
- 0x7a164:$string5: Disablelogger
- 0x7a10e:$string6: \pidloc.txt
- 0x79c1c:$string7: clearie
- 0x79c34:$string8: clearff
- 0x7a3c5:$string9: emails should be sent to you shortly
- 0x7a8d9:$string11: open=Sys.exe
- 0x7a126:$ver1: PredatorLogger
- 0x7a7a8:$ver3: Predator Pain
- 0x7b59b:$ver3: Predator Pain
- 0x7b710:$ver3: Predator Pain
- 0x7b927:$ver3: Predator Pain
|
00000008.00000000.276336479.00000000003D2000.00000002.00020000.sdmp | JoeSecurity_PredatorPainRAT | Yara detected PredatorPainRAT | Kevin Breen <kevin@techanarchy.net> | |
00000008.00000000.276336479.00000000003D2000.00000002.00020000.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000008.00000000.276336479.00000000003D2000.00000002.00020000.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
00000008.00000000.276336479.00000000003D2000.00000002.00020000.sdmp | PredatorPain | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x7b5df:$string1: holderwb.txt
- 0x7b5fb:$string1: holderwb.txt
- 0x7b761:$string3: There is a file attached to this email
- 0x7bd35:$string4: screens\screenshot
- 0x7a164:$string5: Disablelogger
- 0x7a10e:$string6: \pidloc.txt
- 0x79c1c:$string7: clearie
- 0x79c34:$string8: clearff
- 0x7a3c5:$string9: emails should be sent to you shortly
- 0x7a8d9:$string11: open=Sys.exe
- 0x7a126:$ver1: PredatorLogger
- 0x7a7a8:$ver3: Predator Pain
- 0x7b59b:$ver3: Predator Pain
- 0x7b710:$ver3: Predator Pain
- 0x7b927:$ver3: Predator Pain
|
00000005.00000003.247040604.0000000007404000.00000004.00000001.sdmp | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x3b81e:$key: HawkEyeKeylogger
- 0x3da70:$salt: 099u787978786
- 0x3be6d:$string1: HawkEye_Keylogger
- 0x3ccc0:$string1: HawkEye_Keylogger
- 0x3d9d0:$string1: HawkEye_Keylogger
- 0x3c256:$string2: holdermail.txt
- 0x3c276:$string2: holdermail.txt
- 0x3c198:$string3: wallet.dat
- 0x3c1b0:$string3: wallet.dat
- 0x3c1c6:$string3: wallet.dat
- 0x3d5b2:$string4: Keylog Records
- 0x3d8ca:$string4: Keylog Records
- 0x3dac8:$string5: do not script -->
- 0x3b806:$string6: \pidloc.txt
- 0x3b894:$string7: BSPLIT
- 0x3b8a4:$string7: BSPLIT
|
00000005.00000003.247040604.0000000007404000.00000004.00000001.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000005.00000003.247040604.0000000007404000.00000004.00000001.sdmp | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
00000005.00000003.247040604.0000000007404000.00000004.00000001.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
00000005.00000003.247040604.0000000007404000.00000004.00000001.sdmp | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x3bec5:$hawkstr1: HawkEye Keylogger
- 0x3cd06:$hawkstr1: HawkEye Keylogger
- 0x3d035:$hawkstr1: HawkEye Keylogger
- 0x3d190:$hawkstr1: HawkEye Keylogger
- 0x3d2f3:$hawkstr1: HawkEye Keylogger
- 0x3d58a:$hawkstr1: HawkEye Keylogger
- 0x3ba53:$hawkstr2: Dear HawkEye Customers!
- 0x3d088:$hawkstr2: Dear HawkEye Customers!
- 0x3d1df:$hawkstr2: Dear HawkEye Customers!
- 0x3d346:$hawkstr2: Dear HawkEye Customers!
- 0x3bb74:$hawkstr3: HawkEye Logger Details:
|
00000008.00000000.247374939.00000000003D2000.00000002.00020000.sdmp | RAT_PredatorPain | Detects PredatorPain RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b5df:$string1: holderwb.txt
- 0x7b5fb:$string1: holderwb.txt
- 0x7b761:$string3: There is a file attached to this email
- 0x7bd35:$string4: screens\screenshot
- 0x7a164:$string5: Disablelogger
- 0x7a10e:$string6: \pidloc.txt
- 0x79c1c:$string7: clearie
- 0x79c34:$string8: clearff
- 0x7a3c5:$string9: emails should be sent to you shortly
- 0x7a8d9:$string11: open=Sys.exe
- 0x7a126:$ver1: PredatorLogger
- 0x7a7a8:$ver3: Predator Pain
- 0x7b59b:$ver3: Predator Pain
- 0x7b710:$ver3: Predator Pain
- 0x7b927:$ver3: Predator Pain
|
00000008.00000000.247374939.00000000003D2000.00000002.00020000.sdmp | JoeSecurity_PredatorPainRAT | Yara detected PredatorPainRAT | Kevin Breen <kevin@techanarchy.net> | |
00000008.00000000.247374939.00000000003D2000.00000002.00020000.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000008.00000000.247374939.00000000003D2000.00000002.00020000.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
00000008.00000000.247374939.00000000003D2000.00000002.00020000.sdmp | PredatorPain | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x7b5df:$string1: holderwb.txt
- 0x7b5fb:$string1: holderwb.txt
- 0x7b761:$string3: There is a file attached to this email
- 0x7bd35:$string4: screens\screenshot
- 0x7a164:$string5: Disablelogger
- 0x7a10e:$string6: \pidloc.txt
- 0x79c1c:$string7: clearie
- 0x79c34:$string8: clearff
- 0x7a3c5:$string9: emails should be sent to you shortly
- 0x7a8d9:$string11: open=Sys.exe
- 0x7a126:$ver1: PredatorLogger
- 0x7a7a8:$ver3: Predator Pain
- 0x7b59b:$ver3: Predator Pain
- 0x7b710:$ver3: Predator Pain
- 0x7b927:$ver3: Predator Pain
|
00000008.00000002.310765345.00000000003D2000.00000002.00020000.sdmp | RAT_PredatorPain | Detects PredatorPain RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b5df:$string1: holderwb.txt
- 0x7b5fb:$string1: holderwb.txt
- 0x7b761:$string3: There is a file attached to this email
- 0x7bd35:$string4: screens\screenshot
- 0x7a164:$string5: Disablelogger
- 0x7a10e:$string6: \pidloc.txt
- 0x79c1c:$string7: clearie
- 0x79c34:$string8: clearff
- 0x7a3c5:$string9: emails should be sent to you shortly
- 0x7a8d9:$string11: open=Sys.exe
- 0x7a126:$ver1: PredatorLogger
- 0x7a7a8:$ver3: Predator Pain
- 0x7b59b:$ver3: Predator Pain
- 0x7b710:$ver3: Predator Pain
- 0x7b927:$ver3: Predator Pain
|
00000008.00000002.310765345.00000000003D2000.00000002.00020000.sdmp | JoeSecurity_PredatorPainRAT | Yara detected PredatorPainRAT | Kevin Breen <kevin@techanarchy.net> | |
00000008.00000002.310765345.00000000003D2000.00000002.00020000.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000008.00000002.310765345.00000000003D2000.00000002.00020000.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
00000008.00000002.310765345.00000000003D2000.00000002.00020000.sdmp | PredatorPain | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x7b5df:$string1: holderwb.txt
- 0x7b5fb:$string1: holderwb.txt
- 0x7b761:$string3: There is a file attached to this email
- 0x7bd35:$string4: screens\screenshot
- 0x7a164:$string5: Disablelogger
- 0x7a10e:$string6: \pidloc.txt
- 0x79c1c:$string7: clearie
- 0x79c34:$string8: clearff
- 0x7a3c5:$string9: emails should be sent to you shortly
- 0x7a8d9:$string11: open=Sys.exe
- 0x7a126:$ver1: PredatorLogger
- 0x7a7a8:$ver3: Predator Pain
- 0x7b59b:$ver3: Predator Pain
- 0x7b710:$ver3: Predator Pain
- 0x7b927:$ver3: Predator Pain
|
00000008.00000000.293259909.0000000003B61000.00000004.00000001.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000022.00000002.340891533.00000000007E2000.00000002.00020000.sdmp | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b68e:$key: HawkEyeKeylogger
- 0x7d8e0:$salt: 099u787978786
- 0x7bcdd:$string1: HawkEye_Keylogger
- 0x7cb30:$string1: HawkEye_Keylogger
- 0x7d840:$string1: HawkEye_Keylogger
- 0x7c0c6:$string2: holdermail.txt
- 0x7c0e6:$string2: holdermail.txt
- 0x7c008:$string3: wallet.dat
- 0x7c020:$string3: wallet.dat
- 0x7c036:$string3: wallet.dat
- 0x7d422:$string4: Keylog Records
- 0x7d73a:$string4: Keylog Records
- 0x7d938:$string5: do not script -->
- 0x7b676:$string6: \pidloc.txt
- 0x7b704:$string7: BSPLIT
- 0x7b714:$string7: BSPLIT
|
00000022.00000002.340891533.00000000007E2000.00000002.00020000.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000022.00000002.340891533.00000000007E2000.00000002.00020000.sdmp | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
00000022.00000002.340891533.00000000007E2000.00000002.00020000.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
00000022.00000002.340891533.00000000007E2000.00000002.00020000.sdmp | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bd35:$hawkstr1: HawkEye Keylogger
- 0x7cb76:$hawkstr1: HawkEye Keylogger
- 0x7cea5:$hawkstr1: HawkEye Keylogger
- 0x7d000:$hawkstr1: HawkEye Keylogger
- 0x7d163:$hawkstr1: HawkEye Keylogger
- 0x7d3fa:$hawkstr1: HawkEye Keylogger
- 0x7b8c3:$hawkstr2: Dear HawkEye Customers!
- 0x7cef8:$hawkstr2: Dear HawkEye Customers!
- 0x7d04f:$hawkstr2: Dear HawkEye Customers!
- 0x7d1b6:$hawkstr2: Dear HawkEye Customers!
- 0x7b9e4:$hawkstr3: HawkEye Logger Details:
|
0000001A.00000000.286586806.0000000000472000.00000002.00020000.sdmp | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b68e:$key: HawkEyeKeylogger
- 0x7d8e0:$salt: 099u787978786
- 0x7bcdd:$string1: HawkEye_Keylogger
- 0x7cb30:$string1: HawkEye_Keylogger
- 0x7d840:$string1: HawkEye_Keylogger
- 0x7c0c6:$string2: holdermail.txt
- 0x7c0e6:$string2: holdermail.txt
- 0x7c008:$string3: wallet.dat
- 0x7c020:$string3: wallet.dat
- 0x7c036:$string3: wallet.dat
- 0x7d422:$string4: Keylog Records
- 0x7d73a:$string4: Keylog Records
- 0x7d938:$string5: do not script -->
- 0x7b676:$string6: \pidloc.txt
- 0x7b704:$string7: BSPLIT
- 0x7b714:$string7: BSPLIT
|
0000001A.00000000.286586806.0000000000472000.00000002.00020000.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
0000001A.00000000.286586806.0000000000472000.00000002.00020000.sdmp | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
0000001A.00000000.286586806.0000000000472000.00000002.00020000.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
0000001A.00000000.286586806.0000000000472000.00000002.00020000.sdmp | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bd35:$hawkstr1: HawkEye Keylogger
- 0x7cb76:$hawkstr1: HawkEye Keylogger
- 0x7cea5:$hawkstr1: HawkEye Keylogger
- 0x7d000:$hawkstr1: HawkEye Keylogger
- 0x7d163:$hawkstr1: HawkEye Keylogger
- 0x7d3fa:$hawkstr1: HawkEye Keylogger
- 0x7b8c3:$hawkstr2: Dear HawkEye Customers!
- 0x7cef8:$hawkstr2: Dear HawkEye Customers!
- 0x7d04f:$hawkstr2: Dear HawkEye Customers!
- 0x7d1b6:$hawkstr2: Dear HawkEye Customers!
- 0x7b9e4:$hawkstr3: HawkEye Logger Details:
|
00000008.00000000.290325606.0000000002B61000.00000004.00000001.sdmp | RAT_PredatorPain | Detects PredatorPain RAT | Kevin Breen <kevin@techanarchy.net> | - 0x4d108:$string1: holderwb.txt
- 0x4d134:$string1: holderwb.txt
- 0x423e0:$string3: There is a file attached to this email
- 0x45060:$string4: screens\screenshot
- 0x2e02c:$string5: Disablelogger
- 0x2dfa4:$string6: \pidloc.txt
- 0x25c6c:$string7: clearie
- 0x25c94:$string8: clearff
- 0x3f942:$string9: emails should be sent to you shortly
- 0x406d2:$string9: emails should be sent to you shortly
- 0x2dfcc:$ver1: PredatorLogger
- 0x3fe38:$ver3: Predator Pain
- 0x42380:$ver3: Predator Pain
- 0x4367c:$ver3: Predator Pain
- 0x44c00:$ver3: Predator Pain
- 0x4d0b4:$ver3: Predator Pain
|
00000008.00000000.290325606.0000000002B61000.00000004.00000001.sdmp | JoeSecurity_PredatorPainRAT | Yara detected PredatorPainRAT | Kevin Breen <kevin@techanarchy.net> | |
00000008.00000000.290325606.0000000002B61000.00000004.00000001.sdmp | PredatorPain | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x4d108:$string1: holderwb.txt
- 0x4d134:$string1: holderwb.txt
- 0x423e0:$string3: There is a file attached to this email
- 0x45060:$string4: screens\screenshot
- 0x2e02c:$string5: Disablelogger
- 0x2dfa4:$string6: \pidloc.txt
- 0x25c6c:$string7: clearie
- 0x25c94:$string8: clearff
- 0x3f942:$string9: emails should be sent to you shortly
- 0x406d2:$string9: emails should be sent to you shortly
- 0x2dfcc:$ver1: PredatorLogger
- 0x3fe38:$ver3: Predator Pain
- 0x42380:$ver3: Predator Pain
- 0x4367c:$ver3: Predator Pain
- 0x44c00:$ver3: Predator Pain
- 0x4d0b4:$ver3: Predator Pain
|
00000007.00000000.228658758.00000000006D2000.00000002.00020000.sdmp | RAT_PredatorPain | Detects PredatorPain RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b5df:$string1: holderwb.txt
- 0x7b5fb:$string1: holderwb.txt
- 0x7b761:$string3: There is a file attached to this email
- 0x7bd35:$string4: screens\screenshot
- 0x7a164:$string5: Disablelogger
- 0x7a10e:$string6: \pidloc.txt
- 0x79c1c:$string7: clearie
- 0x79c34:$string8: clearff
- 0x7a3c5:$string9: emails should be sent to you shortly
- 0x7a8d9:$string11: open=Sys.exe
- 0x7a126:$ver1: PredatorLogger
- 0x7a7a8:$ver3: Predator Pain
- 0x7b59b:$ver3: Predator Pain
- 0x7b710:$ver3: Predator Pain
- 0x7b927:$ver3: Predator Pain
|
00000007.00000000.228658758.00000000006D2000.00000002.00020000.sdmp | JoeSecurity_PredatorPainRAT | Yara detected PredatorPainRAT | Kevin Breen <kevin@techanarchy.net> | |
00000007.00000000.228658758.00000000006D2000.00000002.00020000.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000007.00000000.228658758.00000000006D2000.00000002.00020000.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
00000007.00000000.228658758.00000000006D2000.00000002.00020000.sdmp | PredatorPain | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x7b5df:$string1: holderwb.txt
- 0x7b5fb:$string1: holderwb.txt
- 0x7b761:$string3: There is a file attached to this email
- 0x7bd35:$string4: screens\screenshot
- 0x7a164:$string5: Disablelogger
- 0x7a10e:$string6: \pidloc.txt
- 0x79c1c:$string7: clearie
- 0x79c34:$string8: clearff
- 0x7a3c5:$string9: emails should be sent to you shortly
- 0x7a8d9:$string11: open=Sys.exe
- 0x7a126:$ver1: PredatorLogger
- 0x7a7a8:$ver3: Predator Pain
- 0x7b59b:$ver3: Predator Pain
- 0x7b710:$ver3: Predator Pain
- 0x7b927:$ver3: Predator Pain
|
00000022.00000000.321958872.00000000007E2000.00000002.00020000.sdmp | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b68e:$key: HawkEyeKeylogger
- 0x7d8e0:$salt: 099u787978786
- 0x7bcdd:$string1: HawkEye_Keylogger
- 0x7cb30:$string1: HawkEye_Keylogger
- 0x7d840:$string1: HawkEye_Keylogger
- 0x7c0c6:$string2: holdermail.txt
- 0x7c0e6:$string2: holdermail.txt
- 0x7c008:$string3: wallet.dat
- 0x7c020:$string3: wallet.dat
- 0x7c036:$string3: wallet.dat
- 0x7d422:$string4: Keylog Records
- 0x7d73a:$string4: Keylog Records
- 0x7d938:$string5: do not script -->
- 0x7b676:$string6: \pidloc.txt
- 0x7b704:$string7: BSPLIT
- 0x7b714:$string7: BSPLIT
|
00000022.00000000.321958872.00000000007E2000.00000002.00020000.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000022.00000000.321958872.00000000007E2000.00000002.00020000.sdmp | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
00000022.00000000.321958872.00000000007E2000.00000002.00020000.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
00000022.00000000.321958872.00000000007E2000.00000002.00020000.sdmp | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bd35:$hawkstr1: HawkEye Keylogger
- 0x7cb76:$hawkstr1: HawkEye Keylogger
- 0x7cea5:$hawkstr1: HawkEye Keylogger
- 0x7d000:$hawkstr1: HawkEye Keylogger
- 0x7d163:$hawkstr1: HawkEye Keylogger
- 0x7d3fa:$hawkstr1: HawkEye Keylogger
- 0x7b8c3:$hawkstr2: Dear HawkEye Customers!
- 0x7cef8:$hawkstr2: Dear HawkEye Customers!
- 0x7d04f:$hawkstr2: Dear HawkEye Customers!
- 0x7d1b6:$hawkstr2: Dear HawkEye Customers!
- 0x7b9e4:$hawkstr3: HawkEye Logger Details:
|
00000007.00000002.248071796.00000000006D2000.00000002.00020000.sdmp | RAT_PredatorPain | Detects PredatorPain RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b5df:$string1: holderwb.txt
- 0x7b5fb:$string1: holderwb.txt
- 0x7b761:$string3: There is a file attached to this email
- 0x7bd35:$string4: screens\screenshot
- 0x7a164:$string5: Disablelogger
- 0x7a10e:$string6: \pidloc.txt
- 0x79c1c:$string7: clearie
- 0x79c34:$string8: clearff
- 0x7a3c5:$string9: emails should be sent to you shortly
- 0x7a8d9:$string11: open=Sys.exe
- 0x7a126:$ver1: PredatorLogger
- 0x7a7a8:$ver3: Predator Pain
- 0x7b59b:$ver3: Predator Pain
- 0x7b710:$ver3: Predator Pain
- 0x7b927:$ver3: Predator Pain
|
00000007.00000002.248071796.00000000006D2000.00000002.00020000.sdmp | JoeSecurity_PredatorPainRAT | Yara detected PredatorPainRAT | Kevin Breen <kevin@techanarchy.net> | |
00000007.00000002.248071796.00000000006D2000.00000002.00020000.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000007.00000002.248071796.00000000006D2000.00000002.00020000.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
00000007.00000002.248071796.00000000006D2000.00000002.00020000.sdmp | PredatorPain | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x7b5df:$string1: holderwb.txt
- 0x7b5fb:$string1: holderwb.txt
- 0x7b761:$string3: There is a file attached to this email
- 0x7bd35:$string4: screens\screenshot
- 0x7a164:$string5: Disablelogger
- 0x7a10e:$string6: \pidloc.txt
- 0x79c1c:$string7: clearie
- 0x79c34:$string8: clearff
- 0x7a3c5:$string9: emails should be sent to you shortly
- 0x7a8d9:$string11: open=Sys.exe
- 0x7a126:$ver1: PredatorLogger
- 0x7a7a8:$ver3: Predator Pain
- 0x7b59b:$ver3: Predator Pain
- 0x7b710:$ver3: Predator Pain
- 0x7b927:$ver3: Predator Pain
|
00000014.00000002.274318737.0000000000400000.00000040.00000001.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000005.00000002.320662138.00000000009C2000.00000002.00020000.sdmp | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b68e:$key: HawkEyeKeylogger
- 0x7d8e0:$salt: 099u787978786
- 0x7bcdd:$string1: HawkEye_Keylogger
- 0x7cb30:$string1: HawkEye_Keylogger
- 0x7d840:$string1: HawkEye_Keylogger
- 0x7c0c6:$string2: holdermail.txt
- 0x7c0e6:$string2: holdermail.txt
- 0x7c008:$string3: wallet.dat
- 0x7c020:$string3: wallet.dat
- 0x7c036:$string3: wallet.dat
- 0x7d422:$string4: Keylog Records
- 0x7d73a:$string4: Keylog Records
- 0x7d938:$string5: do not script -->
- 0x7b676:$string6: \pidloc.txt
- 0x7b704:$string7: BSPLIT
- 0x7b714:$string7: BSPLIT
|
00000005.00000002.320662138.00000000009C2000.00000002.00020000.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
00000005.00000002.320662138.00000000009C2000.00000002.00020000.sdmp | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
00000005.00000002.320662138.00000000009C2000.00000002.00020000.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
00000005.00000002.320662138.00000000009C2000.00000002.00020000.sdmp | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bd35:$hawkstr1: HawkEye Keylogger
- 0x7cb76:$hawkstr1: HawkEye Keylogger
- 0x7cea5:$hawkstr1: HawkEye Keylogger
- 0x7d000:$hawkstr1: HawkEye Keylogger
- 0x7d163:$hawkstr1: HawkEye Keylogger
- 0x7d3fa:$hawkstr1: HawkEye Keylogger
- 0x7b8c3:$hawkstr2: Dear HawkEye Customers!
- 0x7cef8:$hawkstr2: Dear HawkEye Customers!
- 0x7d04f:$hawkstr2: Dear HawkEye Customers!
- 0x7d1b6:$hawkstr2: Dear HawkEye Customers!
- 0x7b9e4:$hawkstr3: HawkEye Logger Details:
|
00000007.00000003.242361286.0000000000EC4000.00000004.00000001.sdmp | RAT_PredatorPain | Detects PredatorPain RAT | Kevin Breen <kevin@techanarchy.net> | - 0x3aabf:$string1: holderwb.txt
- 0x3aadb:$string1: holderwb.txt
- 0x3ac41:$string3: There is a file attached to this email
- 0x3b215:$string4: screens\screenshot
- 0x39644:$string5: Disablelogger
- 0x395ee:$string6: \pidloc.txt
- 0x390fc:$string7: clearie
- 0x39114:$string8: clearff
- 0x398a5:$string9: emails should be sent to you shortly
- 0x39db9:$string11: open=Sys.exe
- 0x39606:$ver1: PredatorLogger
- 0x39c88:$ver3: Predator Pain
- 0x3aa7b:$ver3: Predator Pain
- 0x3abf0:$ver3: Predator Pain
- 0x3ae07:$ver3: Predator Pain
|
00000007.00000003.242361286.0000000000EC4000.00000004.00000001.sdmp | JoeSecurity_PredatorPainRAT | Yara detected PredatorPainRAT | Kevin Breen <kevin@techanarchy.net> | |
Process Memory Space: taskhost.exe PID: 4548 | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
Process Memory Space: taskhost.exe PID: 4548 | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
Process Memory Space: iExplorer.exe PID: 1352 | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
Process Memory Space: Windows Update.exe PID: 5204 | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
Process Memory Space: vbc.exe PID: 6912 | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |