Source: 12.3.AppLaunch.exe.8b2db5a.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 12.2.AppLaunch.exe.bc0834a.1.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 12.2.AppLaunch.exe.bc0834a.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 12.3.AppLaunch.exe.8b2db5a.1.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.3.AppLaunch.exe.8ad5b55.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.2.AppLaunch.exe.bbb0000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.3.AppLaunch.exe.8ad5810.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 12.3.AppLaunch.exe.8ad5810.2.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 12.2.AppLaunch.exe.bbb0000.3.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 12.2.AppLaunch.exe.bbb0345.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 0000000C.00000000.357553921.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 00000001.00000002.367424927.00000000041CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 0000000C.00000000.359164021.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 00000001.00000002.367080602.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 0000000C.00000000.360604963.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 0000000C.00000002.376052616.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 0000000C.00000000.360998857.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 0000000C.00000002.377094587.000000000BBB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 00000001.00000002.366769959.0000000003E39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: Process Memory Space: PasswordStealer.NET.exe PID: 6388, type: MEMORYSTR | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: Process Memory Space: AppLaunch.exe PID: 6788, type: MEMORYSTR | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.3.AppLaunch.exe.8b2db5a.1.raw.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 12.2.AppLaunch.exe.bc0834a.1.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 12.2.AppLaunch.exe.bc0834a.1.raw.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 12.3.AppLaunch.exe.8b2db5a.1.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.3.AppLaunch.exe.8ad5b55.0.raw.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.2.AppLaunch.exe.bbb0000.3.raw.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.3.AppLaunch.exe.8ad5810.2.raw.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 12.3.AppLaunch.exe.8ad5810.2.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 12.2.AppLaunch.exe.bbb0000.3.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 12.2.AppLaunch.exe.bbb0345.2.raw.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 0000000C.00000000.357553921.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 00000001.00000002.367424927.00000000041CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 0000000C.00000000.359164021.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 00000001.00000002.367080602.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 0000000C.00000000.360604963.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 0000000C.00000002.376052616.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 0000000C.00000000.360998857.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 0000000C.00000002.377094587.000000000BBB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 00000001.00000002.366769959.0000000003E39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: Process Memory Space: PasswordStealer.NET.exe PID: 6388, type: MEMORYSTR | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: Process Memory Space: AppLaunch.exe PID: 6788, type: MEMORYSTR | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |