Skip to content

CSIRT-SK/HawkEyeDecryptor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
Properties
Properties
 
 
.gitignore
.gitignore
 
 
HawkeyeDecrypter.csproj
HawkeyeDecrypter.csproj
 
 
HawkeyeDecrypter.sln
HawkeyeDecrypter.sln
 
 
Program.cs
Program.cs
 
 
README.md
README.md
 
 
packages.config
packages.config
 
 

Repository files navigation

HawkEye config decryptor

How to decrypt config of the HawkEye Keylogger - Reborn v9:

  • unpack Reborn Stub.exe from the malware sample
    • in can be packed with ConfuserEx v1.0.0, SmartAssembly,...
  • extract resource RCData (e.g. with ResourceHacker),
    • convert to base64 and add to the source code of this decryptr
  • decompile Reborn Stub.exe and find the class only with one-two methods and static string similar to the password
    • change the password in the source code of this decryptor
  • build and run decryptor
  • tested with the HawkEye Keylogger - Reborn v9, Version=9.0.0.5

About

Config decryptor for HawkEye Keylogger - Reborn v9

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages