Overview


10

Static


#Order#.exe

windows7_x64

7

#Order#.exe

windows10_x64

7

#QTN-20-97...7..exe

windows7_x64

6

#QTN-20-97...7..exe

windows10_x64

5

$70k MT 30JAN.exe

windows7_x64

6

$70k MT 30JAN.exe

windows10_x64

6

03-02-20.exe

windows7_x64

7

03-02-20.exe

windows10_x64

7

20191107145436608.exe

windows7_x64

6

20191107145436608.exe

windows10_x64

6

2019111211...fo.exe

windows7_x64

6

2019111211...fo.exe

windows10_x64

6

2020 ORDERS.exe

windows7_x64

5

2020 ORDERS.exe

windows10_x64

5

624880_ZOC...PT.exe

windows7_x64

6

624880_ZOC...PT.exe

windows10_x64

6

ADMIN DEPT...NT.exe

windows7_x64

8

ADMIN DEPT...NT.exe

windows10_x64

10

AWB_TR0089.exe

windows7_x64

1

AWB_TR0089.exe

windows10_x64

1

Avis de virement.exe

windows7_x64

7

Avis de virement.exe

windows10_x64

8

BL-INVOICE...CS.exe

windows7_x64

6

BL-INVOICE...CS.exe

windows10_x64

6

BMS PO 4820.exe

windows7_x64

6

BMS PO 4820.exe

windows10_x64

6

BSO_191120...df.exe

windows7_x64

6

BSO_191120...df.exe

windows10_x64

6

Bank Information.exe

windows7_x64

6

Bank Information.exe

windows10_x64

6

C.V - Expe...es.exe

windows7_x64

7

C.V - Expe...es.exe

windows10_x64

7

C956PO.exe

windows7_x64

6

C956PO.exe

windows10_x64

6

CIN - U140...32.exe

windows7_x64

6

CIN - U140...32.exe

windows10_x64

6

CV - Resum...ma.exe

windows7_x64

10

CV - Resum...ma.exe

windows10_x64

7

Calendar2Excel.exe

windows7_x64

1

Calendar2Excel.exe

windows10_x64

1

DOC302429042_SDOU.exe

windows7_x64

5

DOC302429042_SDOU.exe

windows10_x64

5

DOC37774732.exe

windows7_x64

6

DOC37774732.exe

windows10_x64

6

Doc _45654.exe

windows7_x64

6

Doc _45654.exe

windows10_x64

6

Docs.exe

windows7_x64

6

Docs.exe

windows10_x64

6

Document_Invoice.exe

windows7_x64

7

Document_Invoice.exe

windows10_x64

7

FOENER RFQ...DF.exe

windows7_x64

6

FOENER RFQ...DF.exe

windows10_x64

6

Following ...ts.exe

windows7_x64

7

Following ...ts.exe

windows10_x64

7

HTQ19-P040...AN.exe

windows7_x64

7

HTQ19-P040...AN.exe

windows10_x64

7

IMAGE221.exe

windows7_x64

8

IMAGE221.exe

windows10_x64

8

Invoice.exe

windows7_x64

6

Invoice.exe

windows10_x64

6

LPO-16155152112.exe

windows7_x64

7

LPO-16155152112.exe

windows10_x64

8

Lëscht vu...lt.exe

windows7_x64

6

Lëscht vu...lt.exe

windows10_x64

6

MT Swift copy.exe

windows7_x64

6

MT Swift copy.exe

windows10_x64

6

NEW P.O-8...FE.exe

windows7_x64

6

NEW P.O-8...FE.exe

windows10_x64

6

NEW P.O -J...20.exe

windows7_x64

6

NEW P.O -J...20.exe

windows10_x64

6

NNBL DRAFT...df.exe

windows7_x64

6

NNBL DRAFT...df.exe

windows10_x64

6

New Order ...05.exe

windows7_x64

6

New Order ...05.exe

windows10_x64

6

New Purcha...er.exe

windows7_x64

8

New Purcha...er.exe

windows10_x64

8

New Year Order.exe

windows7_x64

8

New Year Order.exe

windows10_x64

8

New order ...5).exe

windows7_x64

10

New order ...5).exe

windows10_x64

10

OCEAN BILL...NG.exe

windows7_x64

6

OCEAN BILL...NG.exe

windows10_x64

6

ORDER FILE.exe

windows7_x64

10

ORDER FILE.exe

windows10_x64

10

Order Feb 2020.exe

windows7_x64

6

Order Feb 2020.exe

windows10_x64

6

Order Speciations.exe

windows7_x64

1

Order Speciations.exe

windows10_x64

10

Order list.exe

windows7_x64

8

Order list.exe

windows10_x64

8

P.O.25890.exe

windows7_x64

6

P.O.25890.exe

windows10_x64

6

PAYMENT DE...DF.exe

windows7_x64

10

PAYMENT DE...DF.exe

windows10_x64

10

PDF324561.exe

windows7_x64

6

PDF324561.exe

windows10_x64

6

PO BMS 4820.exe

windows7_x64

6

PO BMS 4820.exe

windows10_x64

6

PO NO.SC-100887.exe

windows7_x64

6

PO NO.SC-100887.exe

windows10_x64

6

PO#32136578.exe

windows7_x64

6

PO#32136578.exe

windows10_x64

6

PO#P-13082...df.exe

windows7_x64

5

PO#P-13082...df.exe

windows10_x64

5

PO-0088PI69.exe

windows7_x64

6

PO-0088PI69.exe

windows10_x64

6

PO-05808T008.exe

windows7_x64

6

PO-05808T008.exe

windows10_x64

6

PO-ABA-098722.exe

windows7_x64

7

PO-ABA-098722.exe

windows10_x64

7

PO. 11092873.exe

windows7_x64

6

PO. 11092873.exe

windows10_x64

6

PO.exe

windows7_x64

6

PO.exe

windows10_x64

6

PO1782020.exe

windows7_x64

10

PO1782020.exe

windows10_x64

10

PO3245_Signed.exe

windows7_x64

10

PO3245_Signed.exe

windows10_x64

10

PRODUCT LIST.exe

windows7_x64

6

PRODUCT LIST.exe

windows10_x64

6

Payment De...ce.exe

windows7_x64

6

Payment De...ce.exe

windows10_x64

6

Payment Details.exe

windows7_x64

10

Payment Details.exe

windows10_x64

10

Photo-Samp...50.exe

windows7_x64

7

Photo-Samp...50.exe

windows10_x64

10

Presupuest...19.exe

windows7_x64

6

Presupuest...19.exe

windows10_x64

6

Proform In...ea.exe

windows7_x64

6

Proform In...ea.exe

windows10_x64

6

Proform Invoice.exe

windows7_x64

6

Proform Invoice.exe

windows10_x64

6

Proforma Invoice.exe

windows7_x64

6

Proforma Invoice.exe

windows10_x64

6

Purchase O...2).exe

windows7_x64

8

Purchase O...2).exe

windows10_x64

8

Purchase Order.exe

windows7_x64

7

Purchase Order.exe

windows10_x64

7

Purchase order.exe

windows7_x64

7

Purchase order.exe

windows10_x64

7

QUOTATION.Pdf.exe

windows7_x64

8

QUOTATION.Pdf.exe

windows10_x64

8

Quotation.exe

windows7_x64

7

Quotation.exe

windows10_x64

7

RFQ2901202...43.exe

windows7_x64

6

RFQ2901202...43.exe

windows10_x64

5

Revised_PO...01.exe

windows7_x64

10

Revised_PO...01.exe

windows10_x64

10

SEA LONGIT...ER.exe

windows7_x64

1

SEA LONGIT...ER.exe

windows10_x64

1

SHIPPING P...76.exe

windows7_x64

6

SHIPPING P...76.exe

windows10_x64

6

SKM_C33501...00.exe

windows7_x64

6

SKM_C33501...00.exe

windows10_x64

6

SOA DEC 2019.exe

windows7_x64

1

SOA DEC 2019.exe

windows10_x64

7

SOA JAN 2020.exe

windows7_x64

6

SOA JAN 2020.exe

windows10_x64

6

SOA.exe

windows7_x64

6

SOA.exe

windows10_x64

6

SP3-139-V1...ER.exe

windows7_x64

8

SP3-139-V1...ER.exe

windows10_x64

8

Scan 50%_s...89.exe

windows7_x64

6

Scan 50%_s...89.exe

windows10_x64

6

Shipment Details.exe

windows7_x64

10

Shipment Details.exe

windows10_x64

10

Shipping D...B).exe

windows7_x64

1

Shipping D...B).exe

windows10_x64

1

Shipping i...t..exe

windows7_x64

6

Shipping i...t..exe

windows10_x64

6

Swift copy.exe

windows7_x64

6

Swift copy.exe

windows10_x64

6

Swift.exe

windows7_x64

10

Swift.exe

windows10_x64

10

TT COPY.exe

windows7_x64

6

TT COPY.exe

windows10_x64

6

TT Statement.exe

windows7_x64

6

TT Statement.exe

windows10_x64

6

The Original Copy.exe

windows7_x64

10

The Original Copy.exe

windows10_x64

7

UPDATE SOA...41.exe

windows7_x64

1

UPDATE SOA...41.exe

windows10_x64

1

URGENT ENQUIRY.exe

windows7_x64

1

URGENT ENQUIRY.exe

windows10_x64

1

Untitled_2...-1.exe

windows7_x64

1

Untitled_2...-1.exe

windows10_x64

7

Unusual lo...ss.exe

windows7_x64

1

Unusual lo...ss.exe

windows10_x64

1

bin_2CE6.exe

windows7_x64

5

bin_2CE6.exe

windows10_x64

6

bin_4B66.exe

windows7_x64

8

bin_4B66.exe

windows10_x64

10

bin_C237.exe

windows7_x64

5

bin_C237.exe

windows10_x64

6

bin_protec...1F.exe

windows7_x64

5

bin_protec...1F.exe

windows10_x64

6

devis.exe

windows7_x64

5

devis.exe

windows10_x64

5

dhl_doc7348255141.exe

windows7_x64

6

dhl_doc7348255141.exe

windows10_x64

6

documento.exe

windows7_x64

7

documento.exe

windows10_x64

7

new order -85486.exe

windows7_x64

6

new order -85486.exe

windows10_x64

6

payment 000012223.exe

windows7_x64

6

payment 000012223.exe

windows10_x64

6

po 23232 signed.exe

windows7_x64

10

po 23232 signed.exe

windows10_x64

10

products inquiry.exe

windows7_x64

6

products inquiry.exe

windows10_x64

6

products_inquiry.exe

windows7_x64

6

products_inquiry.exe

windows10_x64

6

proforma invoice.exe

windows7_x64

6

proforma invoice.exe

windows10_x64

6

purchase o...7..exe

windows7_x64

7

purchase o...7..exe

windows10_x64

7

shipping doc.exe

windows7_x64

6

shipping doc.exe

windows10_x64

6

statement ...nt.exe

windows7_x64

6

statement ...nt.exe

windows10_x64

6

swift.exe

windows7_x64

10

swift.exe

windows10_x64

10

swiftcopy 433.exe

windows7_x64

10

swiftcopy 433.exe

windows10_x64

10

swiftcopy.exe

windows7_x64

10

swiftcopy.exe

windows10_x64

10

updated statement.exe

windows7_x64

6

updated statement.exe

windows10_x64

6

w3TM24p.exe

windows7_x64

1

w3TM24p.exe

windows10_x64

1

General

  • Target

    exe.zip

  • Size

    39.4MB

  • Sample

    200220-pkqzgmjx2a

  • MD5

    740d3f8ce89c4a34cddfb12c0d1014b3

  • SHA1

    4742325ed1711e75a959b2697dd8718dcde18fb4

  • SHA256

    b3cc4e1f09aa77a31e7071f2a505bfe5f13f9ec3cb73997b0d4a5ac36fc710fa

  • SHA512

    ad7ad5210698554000f49fc58b904d02e1932a0e281ff31b6b9c68e76aaa25113747da034502fd8151a61e11ae134d05c7b73a4ff61267e66a1ad8a47f4d9cf6

Malware Config

Targets

    • Target

      #Order#.exe

    • Size

      1.5MB

    • MD5

      1155e9051add5caf1f9ddb9800bd8814

    • SHA1

      8fc58515afa1f27ca5ca6ae3d9cdd4828475f899

    • SHA256

      2145b4c5abd6f3c3ab4daa594069968619841f90e971b2f4d910f8b5f964389f

    • SHA512

      76d87144c1db1e17dc970e2745560fc2b19376f066cd82a4421a1a23c17163fc4182944a65aab55473a6d2262e8e9708bc9aafeffa04a284f99fa6e32f41ff44

    Score
    7/10
    • Drops startup file

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      #QTN-20-971-JA04Q7..exe

    • Size

      76KB

    • MD5

      be4aafc0bb1b1108fd43c52d23f7bc82

    • SHA1

      058ef7378000cd15d93e3e3dabec76a74e50d1f7

    • SHA256

      84a52d8714b6e93f7361b6884e2c292d2768d583e2f01cb3eda25d7bda701eff

    • SHA512

      20a649b338c36d2baf586efddfb9c416818bec38de25c4f8e7f567fecaa6211cedbcd2e045be99ede6e3e2dd188115e7f58722519ea74478ab453a69e1beb647

    • Modifies system certificate store

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $70k MT 30JAN.exe

    • Size

      68KB

    • MD5

      46bbf5e855bc75bac0102f64ef89d020

    • SHA1

      9ae433aa63784d9ca7d614859bdd27fd1f377b68

    • SHA256

      f51c1470741a6272f90a147fc717bbbc8808a92107e7c16f7c1ff57c69ee2791

    • SHA512

      30072e2a142563d111d3671f055da9a9ed075ae9f6809bbb85136d923112d3b4e4d9d877f6fb470d0170823ef219e70a0400ef868e9454d340055e83aa5e0599

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      03-02-20.exe

    • Size

      1.4MB

    • MD5

      bd60799f301063dc0f421c2c931ccfdc

    • SHA1

      2a62f63630f28ae0634605b361410bbc8ed1eacd

    • SHA256

      582378f817f2393d4fc8d78c493de7e6f2639c4b2aca466e277d47ca53a3f092

    • SHA512

      7b502d4fd1f1372e2de7e06d1c3cc8f2baecbeab5dfd483b563dce4dbaa2bc0642bf7d6800e05e97580a0e813857c7737952a66c7f1e5fc0a587b3d9ce555c48

    Score
    7/10
    • Drops startup file

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      20191107145436608.exe

    • Size

      68KB

    • MD5

      97393d9e6eaa2b3481cac21c96fbaeca

    • SHA1

      5bdfc65074dcdad5f27039e68585d4f650f5d712

    • SHA256

      de6adf588622a2f3a30bb2ba35c9a51d6d3a8ae854c145c1ea1815cc15172a24

    • SHA512

      9d06803a8c8e0f2bdcf5a56f188055f0e5dfcd24231626e043c2bf06388ba8032d8f940b8ee5b60cb64ec3326ee9f2adef8f63a4a9d927038692fdbbb44520a6

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      2019111211292579875_BankInfo.exe

    • Size

      116KB

    • MD5

      88eaf0228d3e91df53e98cc856460d58

    • SHA1

      ff55b60f33dc532d3c3ead9efe2e44edf3e07b45

    • SHA256

      115f68c5b3dcdd290f1aed783b1485915fda14f9840b132f519e9eb67c561e41

    • SHA512

      062c26490796cef240aaced3a346d4ed55d32f91ef07f52b04eb9cd2a150d8e49774582a5f66b96c2e3394c63c84c94388a28959a95d2f63c136bf6e8e6d329f

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      2020 ORDERS.exe

    • Size

      48KB

    • MD5

      73286015e393e84ed9de6bac47026c0e

    • SHA1

      a25fc0f6100b97e522875ffc650b90e22db399c2

    • SHA256

      9e4af6893873207e1945b734ceddef69ebcbe5c2b6b68a1a2a3b8adbc04a241f

    • SHA512

      23971c9b8d59ff4a19ae7ab6f5601cb7a52b043a1565281afa752d1806e084cb2328d1d166b778d01a53581de80507fa0b280abf08d53a6adf293eb9031bc630

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      624880_ZOC10280374040_IFP_PT.exe

    • Size

      1.5MB

    • MD5

      a94a92a26e007e7bd968f6fb01a0095b

    • SHA1

      f6b1610de7bdeaedfc72a3ba0cdb68078121c080

    • SHA256

      432fc1341719ea2bcaebcee83f96b20ad7e86cdeac01870377816738f50b3b7c

    • SHA512

      a6f911d84e14b20a147f7806649f904293513c28be444d5530f188396edde386fb183034c2a48af00ed9f9b5196c63cd63b59f60f770c20d5302382dcef9ccf6

    Score
    6/10
    • Adds Run entry to start application

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      ADMIN DEPT. INVOICES 482 SGT STATEMENT.exe

    • Size

      72KB

    • MD5

      bebdb7689b5697c9c63a45b3f367151b

    • SHA1

      76fba6d49342b6a66212e5fa412b378938d27ffa

    • SHA256

      a8465b4f33e83daa0a165222ced1ada582be57b3d55f386dacbbce8463f31256

    • SHA512

      03ab75ef2ddb1b2389f4d88d6e19448dd93a25498e8393eaf69356385d11b9d7329cde4869fa4dd9321942a7f63ba32f0c1c85353de7848439071c8630d00bd8

    • Formbook

      Formbook is a data-stealing malware family capable of stealing data from the infected host.

    • Adds Run entry to policy start application

    • Deletes itself

    • Checks whether UAC is enabled

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      AWB_TR0089.exe

    • Size

      1.2MB

    • MD5

      6c2e87cf5c1a84fdaedb4074dbf92922

    • SHA1

      bab5f9acfccd5f692223139570d3abc5c85bab78

    • SHA256

      e362b06fee19208104988e8904e295630612296a60244020ffbef7d6df22cd2f

    • SHA512

      333d44f682154240b99e86308a55ba659b8fff4dcf9dea82293e6c7bbc16dd6adc82ee1774042766b66974b7f1d82c6755967e4a2c73e2e81bf1623488db3fef

    Score
    1/10
    • Target

      Avis de virement.exe

    • Size

      124KB

    • MD5

      63a9dd43976a1fee9357d85367a23fac

    • SHA1

      2951b3d16d7449f857d88cfa403367d98a5b49b4

    • SHA256

      2922b5cec1af1aa38e62b79f1b6618c7e110bee195c1defe6a642f320954b141

    • SHA512

      1793f07462b2fba3c3a93365175f2dffb978fb4696535540897194ae0dd4ac3442ca8d29fdc53b3412448856003dc0b05611b6ac6cf30bf3726a899a9f59b04f

    • Adds Run entry to policy start application

    • Deletes itself

    • Adds Run entry to start application

    • Checks whether UAC is enabled

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      BL-INVOICE SHIPPING DOCS.exe

    • Size

      188KB

    • MD5

      cc8150c1885727315c860476ce8ebae0

    • SHA1

      dbca815ec369cff43692a34d84be2a360589e78f

    • SHA256

      a4abc0bc968eada66e95fe7b0812f4cb11838f77fed0d2d46e4be0071284e725

    • SHA512

      e8dbc4d502585596c5ac9464e43b903499d7ec4fb5784e0bca3f581f4e249bc8c15bff5f5eb3588cface35ff8e72991f097f826895688f22bd1e643ef9ef74f3

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      BMS PO 4820.exe

    • Size

      124KB

    • MD5

      1a935bd1a54484f0e02172f00a05d223

    • SHA1

      0845159084e5ff0bfcd1459686cbde277a56d3c2

    • SHA256

      ba9453ec62ef440d13e1e0e7bcd7fc391a5bfd80fd0db7350bd5824d41385757

    • SHA512

      eb38e3e6909aadce68d47c9859da83bb0b2b2668baeaaa9d29223007f08de37cdd192101e1b883d1682b48d44b930cd2205776a670f41cd8627503f6db3261a1

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      BSO_191120201_430001882_SHpdf.exe

    • Size

      1.2MB

    • MD5

      2eacbb19f0cdcba736b90ebb240d5141

    • SHA1

      844eb3e63f6f79c80a006d05e36e7c855061a61f

    • SHA256

      e2f632cc377b027e80f2045f2bab2c0a4467c2ba0e1c9327a7e174bdef7de841

    • SHA512

      1d766629b62a88b6dbbf858387e2169ec64ffffe85ca6bcfcebe02a58a38ac7b6839c964d5c44048686611c98c26460a27ddae83396639945bdd486c638830b0

    Score
    6/10
    • Adds Run entry to start application

    • Suspicious use of SetThreadContext

    • Target

      Bank Information.exe

    • Size

      60KB

    • MD5

      8f30fe69d5146ed6130120da495a87f2

    • SHA1

      042be30d423150c335bad3556bb4d290b24c97cc

    • SHA256

      dd23cc62b3dcf7ae6a4063b8a64d925f3b796692c624dde7f9b1b3ee5692c7f5

    • SHA512

      48272c92bfee25c7a8db5b89eaccbbf6d78fce6b05362f05beb1e90ce47fd0435746234d9eb0cb87126c978b3d3a44091f2398afdcbce916239f53d27a52525f

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      C.V - Experience Certificates.exe

    • Size

      771KB

    • MD5

      083766ee56eb8c53f078ff95d816ef50

    • SHA1

      f485048ce97918372635a7cd933b1be63b73c9e4

    • SHA256

      d6c7734e6091151fe53c158d2b6323e589dca3e6e5651deaaa04d9e979cd0813

    • SHA512

      49c6bb577c676f1b1965eeb5095ce43c4d43f617327541fc1256c932389c3cc68267234b01a56bfcb8a4bfd84029b7c6f6c23c9df9fb6d218dc9949919087c97

    Score
    7/10
    • Program crash

    • Target

      C956PO.exe

    • Size

      96KB

    • MD5

      9d9db1de3e3e2f2d0a719ddc08c2f378

    • SHA1

      06cb32aabbaa9ae6ca4ea8841793e3e4398c1615

    • SHA256

      2f65664e4e865e8b2fded8d30cc33e3d7994ea73a90c8d36f2605ce112e167e9

    • SHA512

      56899858483369d42e5e692e8754172f3dac5a9785064a396aa3a4645491df3a5ec0fe94f535db9b06da7f6d42437b54ae684c094dcad373733dd23921ebcd9c

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      CIN - U14012020KA2006PTC038132.exe

    • Size

      1.7MB

    • MD5

      6396fe78e95b05273b8a68e7577d614f

    • SHA1

      735ced0e124e96c2e4f3aed7a20e8727e0e662b4

    • SHA256

      0d223d5999ed932250bb6496c5c102ea365913f898256cf3a7219ccffe994046

    • SHA512

      6a93c90d37909f6b69cffbea2324532b4216bdd67ff76234654840d3a7b4019d5f06e9a735c1aed8f44da0433f1f0bababaeba4db1c2781b684f2cdd4818a2c7

    Score
    6/10
    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      CV - Resume of Sunil Sharma.exe

    • Size

      761KB

    • MD5

      04712d89b9769be8c131e16f6c488495

    • SHA1

      c3de9eaa8dbf9d656708bdfd2f4ca2cbe797c211

    • SHA256

      1cc2ded54e0c8a77c832e43abed103264d5afc31de2d72e2babd284b2efddf0b

    • SHA512

      eca3a04b96abd41b0bc005cd391e53ec6449f53829217a2ff4a466f945379259b260820939c4a44c71de75d34d4427c52dc0a600c10dbb233b49fc3cf8812cba

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • Program crash

    • Uses the VBS compiler for execution

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      Calendar2Excel.exe

    • Size

      136KB

    • MD5

      52dd97d59c7b4fde652bd5f55132dc9d

    • SHA1

      d0c9feeae4d0b7836363b2ed179045c47ea7eb99

    • SHA256

      c7c5114c1962847b1a190861e84fae5727c66c8cde390d2c321420c7dcd133bf

    • SHA512

      9e714c4b68908c3f45ec83fc21ab422a2d84acb7334364c93bd0e3acc707e7c99c48dc9dbb0a6a8e83df4f497570edd798b6cd4dc496926e5e29c94a550d5dd1

    Score
    1/10
    • Target

      DOC302429042_SDOU.exe

    • Size

      48KB

    • MD5

      e30017a9ba403491ec8627b05b36731b

    • SHA1

      9f771035789778319f7c5d13cdc31977db6df06e

    • SHA256

      ecb2e9f29e7fea6ab2bee412a829d48b317a8daf0c910a58950337bf1c5d24b9

    • SHA512

      ab7f12ec33547528271ce1be532f012959104d4d1facad4c107e14651df92d9b4e3736c46d63cf5b51292ea22d1332748d7e2eeacdc77f57eb282dd39a4c3b5b

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      DOC37774732.exe

    • Size

      1.1MB

    • MD5

      e42fc755841fd2f376a5e49c96bc195e

    • SHA1

      3bb43f89643e8d9b8b818b6a7de521395d33d270

    • SHA256

      bdcde66ab295ff586337f1edf224973992d9b886bec55d220fc9e619311c56c0

    • SHA512

      11b95c1a92d40eed239cf48fd1447f89cc824a2db6c5501a96dc3e336ace20be48ec657b0750dca79a1cf014aedc40eca6237a679026d6fe022173c0921be58a

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Doc _45654.exe

    • Size

      108KB

    • MD5

      7f3a82addeec03895831d6fa047e1e14

    • SHA1

      f5aef3c9b955d041d35f965f9af263035296284a

    • SHA256

      6d48881a2b21b1d6a7cc644f6a61ec4f70097e075f8e3848a121506d95457661

    • SHA512

      ab4750d872c6d96766f8200ead6067fd4cdbd9c2ba68a89ef0ef258ae79fa9e535951c80b40f14527b07f2510fb57d9e87a03c50eed48e679f0753a760e8c0d4

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Docs.exe

    • Size

      144KB

    • MD5

      e3f6e24bd8596ff3998edd7b5d3dacff

    • SHA1

      85fcd1b4a3752ee22fb5f5e9157d5503a6c46525

    • SHA256

      b511ef8538b1b2cfc8e162b062ab837649bc724b0515ce39b84d9af1fb450df4

    • SHA512

      c8708b32e26b2aa8cf7026159aea59e1645b439d14e6e947f41855aea86c8aef92a9c3d63cc9455beecdc55eb71f5b1df9661f1c5fab15b669d8444d12d8d5a0

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Document_Invoice.exe

    • Size

      1.5MB

    • MD5

      37079041e50c2dd89f5378caf003c13e

    • SHA1

      fe5a4af8fbe70dd01d9829a170e552a2f7be19f8

    • SHA256

      26689bcd2916126f62b4f621406734bfc7a5102d471469fd7ebe5d5af39786c6

    • SHA512

      4475c454b90f754b67fb6e48bc8ecd46bced8abe1472cda81cc5467e757b9790affb39f58c078f0d0fed4516e4f7a5acae54d89c7b9e78c61ad3ca31ccde574b

    Score
    7/10
    • Drops startup file

    • Adds Run entry to start application

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      FOENER RFQ 24005-1101259321_PDF.exe

    • Size

      116KB

    • MD5

      917dbd37166262763a74c6b030096ea1

    • SHA1

      0bcd9462d915aa4eb5b41f9a42826f253e7aaa1c

    • SHA256

      2042f1771ffd9712674507f05df460eae98e70596bfb8123f70efcc31210c6d7

    • SHA512

      1dd12c896c721580c7812a3f52d04bf059e856e386322c7845f7457941d0becbc3e21fed7ef6931ae2e209181a7fb4558ea118b60d4e023655e5f7ad6dc71fbe

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Following documents.exe

    • Size

      899KB

    • MD5

      b2979788c40ffe87d19fa9f394ae32b1

    • SHA1

      c3c21e3302b8cb0cb51c8b79bd746d3dd905ea0e

    • SHA256

      ae7e58bdf5113bd0b6510c39871a5c1db66692ddcd595f88ecd38aadc2fbe7e1

    • SHA512

      5cf6510485306a0c54bc6fc8bac6ffffc1b993707ad0fcca666f29ea8e95d8f7b785f2830e39583dd60cee43464a9baffebcbfbc5e6f00a64e18769dcb972386

    Score
    7/10
    • Program crash

    • Target

      HTQ19-P0401-Q0539 NE-Q22940 GR2P5 TYPBLDG-NASER AL FERDAN.exe

    • Size

      56KB

    • MD5

      a648025b8207bf7c891f931dd91060a1

    • SHA1

      a124f48255a21d6cb6d166f72456c33a905fa39c

    • SHA256

      12ff5c2708756ae3478eb6373106dd1dbd25af881f0513946e720e46657c9b1e

    • SHA512

      edb187c1e09facbbe16720c7bac9d52af253dcae491b79b9a6f5ed300573aea2b928508f0d3e92e59896930da9f19c27b32d7d1110fbbb07b433d6aa7ed3d2cf

    Score
    7/10
    • Program crash

    • Target

      IMAGE221.exe

    • Size

      865KB

    • MD5

      29d8c2b128da6ca1ab329d0f05ab3402

    • SHA1

      c9ab27d911026a098dbbf4df5b2ba60fb1bd44f1

    • SHA256

      603480bce8b3b6c6131aa1f0c7751cf4f444018968362c302679298cfac61772

    • SHA512

      b6725e9908bb802fa9411dc8b30579aa3ccaf9b4058a5c4ea246f79c44278e8a2e6fa627f235d788ff677fb741b740ff5d6ba76ad3da241a835c966d54de3ca0

    Score
    8/10
    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Program crash

    • Reads browser user data or profiles (possible credential harvesting)

    • Target

      Invoice.exe

    • Size

      68KB

    • MD5

      c9b7147e7e6c62317efecfc73e1fbd25

    • SHA1

      b2d8474b2fa8654da7976259770eaac96179d359

    • SHA256

      23bc513a0b9968c76b1855532a4b03eb55b70a634e6bca9629605e839bb33c7d

    • SHA512

      0aeeb288da30fcf66558883660adce04917cb8df335bd5decd39801d8f44cde70a673d30b2a6dbf72f0c23b2fbdf020875962758bb0a20867e21d53f5f1bdb0c

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      LPO-16155152112.exe

    • Size

      260KB

    • MD5

      a932126f182018c8113a0e506dca68e0

    • SHA1

      b564193a406656c2b006e042fc57c72b6688c12d

    • SHA256

      ceeaa58aa03857ec498bcc0323474f49e871a17727570bda505ae4507e829123

    • SHA512

      73260b61384e01cbea78ef52a67f730f47869632a72e85454ad1bf6fdb05f6dd76526ee58872794b61162e6819c551ada709099aa449e4f628850684819ebb76

    Score
    8/10
    • Executes dropped EXE

    • Drops startup file

    • Program crash

    • Discovering connected drives

    • Target

      Lëscht vun de Rechnungen fir Dezember 2019 net bezuelt.exe

    • Size

      1.5MB

    • MD5

      31a9c681208f4b0feac0ff68e387ab4e

    • SHA1

      07b362ac27171adbc3a2b7bfd159f2fba21554a1

    • SHA256

      08683becf8fe937f2542debaf9c8dade88cf50a58175c717d3423061e5e2bf4f

    • SHA512

      6a4cc975fd776d9c36c243c4709d8e31cca99daf7f592f77fea19a54f4f337e15b76d2df692355a30024d3755612b9f5e0ac83bcfcfdc437d9faf52cfcb8b29c

    Score
    6/10
    • Adds Run entry to start application

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      MT Swift copy.exe

    • Size

      68KB

    • MD5

      46bbf5e855bc75bac0102f64ef89d020

    • SHA1

      9ae433aa63784d9ca7d614859bdd27fd1f377b68

    • SHA256

      f51c1470741a6272f90a147fc717bbbc8808a92107e7c16f7c1ff57c69ee2791

    • SHA512

      30072e2a142563d111d3671f055da9a9ed075ae9f6809bbb85136d923112d3b4e4d9d877f6fb470d0170823ef219e70a0400ef868e9454d340055e83aa5e0599

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      NEW P.O-8T638TYIGFE.exe

    • Size

      172KB

    • MD5

      35e93b542142d0f1c0a3e99bb09b24c3

    • SHA1

      aaf3df2b9aca8ca02c00508a94dd22935bd6d5d8

    • SHA256

      151e07da9bba0e1463a37da68876607388e592ccc9e0ae8b605efed6b03c6473

    • SHA512

      ca4ac9f8ebde2db0576928f9edfea2e4a5b9c846e821c295035e5b368a65ccbbecc1581e4317ca3ccea240f41decc96a1313446f18ad71a05fde9a772abb17ae

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      NEW P.O -JANUARY 2020.exe

    • Size

      96KB

    • MD5

      1dddde12890e28ae63bc214b2fc20661

    • SHA1

      e199bb23570bcd2c6f28792bf38b78829b68df34

    • SHA256

      8dfaaf617e2c4f4b6d4eb6ed33c854fd887a55ed27fc6866b217a004aa9820d7

    • SHA512

      9c13cd3a081565b9e841fe625e2b88d917e06a65252381c8064ac3d678e4d9656238ec7d51c02efde0b64db72aca644df73b24eaf989a9bf190f11326051c31c

    • Adds Run entry to start application

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      NNBL DRAFT SEA LONGITUDE RBDPL14703MT.pdf.exe

    • Size

      618KB

    • MD5

      74cfaecd160bf8988967cef807b90613

    • SHA1

      24382f8b3a62bf3138865946b8ee72571551a3a8

    • SHA256

      9026d157feb61edd4700695aa02be0dd834d6d3a66c3ff260745aceaa195f831

    • SHA512

      7740bd1cc18eac92728ab328856fc5d2fdcea87bc581da12ae9add437809542bbbed4098b7be2103e014dd78e885d382582ef3e4f9c4af24e87ca4af33e76fde

    Score
    6/10
    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      New Order  PO# 1028020605.exe

    • Size

      116KB

    • MD5

      b76dbc889b3251bd455ef35b69a69986

    • SHA1

      7ba5014101e0e58f2f715af0e1984450734f588d

    • SHA256

      3d2dd2e0fcd89af8bfc8195b9dbb4edf34493514c4708d0daf65bb8b90781f1b

    • SHA512

      189d719a559e77df08c0494c0024ed4abf899935c39770115ee016faec69fdf8eb7b1897ada5fa550d544a9a45e5f3567eb52dbb8fbb5d379653fcbfadb4c25e

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      New Purchase Order.exe

    • Size

      392KB

    • MD5

      6fde327d1798819ad86fa4f70c8c7603

    • SHA1

      c7de8198e57b284203c79a819947d123fc749a3f

    • SHA256

      97150b418a399bb490c31c29ff088f9bfcab8e13b12aa7028dd267d97c541bbb

    • SHA512

      e8276f6a02b50e8e52c2c0376c930d104ac395ed69270c579f1f92342f6b8f70fdcc55989e363aefa18ad33eb3572e4835c6728f49e83cc6b8364bb949b18ff1

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Program crash

    • Adds Run entry to start application

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      New Year Order.exe

    • Size

      1.2MB

    • MD5

      0b6cf08dcaafb691cfabe87457571d5c

    • SHA1

      d7133b6c3ecc04f1123a2259166bc59853fb9136

    • SHA256

      d3ad8323e4f27940ff96386599da285812edc005c6119fbec1f1bf8951b8833c

    • SHA512

      c37b052fd056c017d6f91117b8d28a0756305bdc4b74a53221f746a0d2458581453da5f3b547d22e159c2dc97c13270cf3705834bdee49435e835c9ff5d26a0c

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      New order (#20105).exe

    • Size

      1.8MB

    • MD5

      0b5cf5040fd0e444227ae6b8643e4f37

    • SHA1

      76814c8d033c0db96dbc5155e81e59d5e5fa4f6a

    • SHA256

      ead3e5e2cf34393460f4d86992137e980fed15e52c7c9b761e099d7a836d04a3

    • SHA512

      88d30a05457ea84c39b98ff394770d8a2738ebaf5990f98954efd07348a86c57760f95305729168a1605783be6492cfccca43cbb6363f279538f117162169ba3

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • Uses the VBS compiler for execution

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      OCEAN BILL OF LADING.exe

    • Size

      96KB

    • MD5

      10981365a0abc91620e54ff356936f14

    • SHA1

      60e9db50164777edeb89b3ea4dcfae26d353d461

    • SHA256

      ec2b8daf0e06c86331993b6b47402bcfe64d7192860ff1fd9b12bf74c5412df5

    • SHA512

      b96ce1763464e6cca8cdad161ddce0b9626409f1511286e42575b424b6daf166cf6a86a339ab4b43c2d838f41b0480d159e8f3554c6e02db242348b2d4371bd8

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      ORDER FILE.exe

    • Size

      1.6MB

    • MD5

      04609abf98b671dac3ca2792ee4b0ee2

    • SHA1

      0fc920764449a64ecfe17e24352dd3420d0ef6ee

    • SHA256

      e7137437257aaafcd4ea7634c844d822d3079de56c20012027a164b377321d6f

    • SHA512

      2a8cfc1a1c12cead5892f5b5336df8991547d5d957e8b465edc3160538e19bfbae72d32e0d97075030d7372bdfbce5f1c7b7a28128531c53d35826597b7547a3

    • Target

      Order Feb 2020.exe

    • Size

      60KB

    • MD5

      5bdc5b53bfe7978bb86c2c243ed20180

    • SHA1

      eca67fc058e8993fa6680767c3f8469846a8c0d6

    • SHA256

      f904f6aab34d53de202decd905ae71807a5029d3817e902f467b79beaf853dd6

    • SHA512

      f10ae65ccaa94755cc8c6efc6d97af3a2b8a3ad28117929cffccb06b330adc7257189d2463474fff2e11de1217a8db5800ad4d315922944dea48515dccc548f5

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Order Speciations.exe

    • Size

      1.3MB

    • MD5

      a728dc0bc3c46cb57909c5baa1019dc6

    • SHA1

      4025c17e9e6746355243f5383d4669b787e62f15

    • SHA256

      7a717a5c957fb953a87471cf8e029ae0406fc241e9c10a583b57377f1600e778

    • SHA512

      0f40d53690b36403fda0518d6766f829627f1a4afca671db50e29d1b0d8f8bc2a528fe4e18ddef4867f8ed1359a0494e8ebf3177f9907f8c59a69cc3d1865c61

    • Target

      Order list.exe

    • Size

      1.4MB

    • MD5

      64d8e066620dd740cf4fc1b565917577

    • SHA1

      f9e781e96cc2d6a8933b857dd782a906b070333f

    • SHA256

      0291c9162fe285ac0a05a682ba422446b355a609c9a525b110c3c0d5ca4dda5a

    • SHA512

      2a5ab886ed9f9a085c74ecd3c626eb77230d53b10bb10cf12786f8f1d77946754f353920f87424451698e29d90f1ff959e988d60db75ef51144fda2f5705c444

    • Disables Task Manager via registry modification

    • Adds Run entry to start application

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      P.O.25890.exe

    • Size

      76KB

    • MD5

      f6a6b3a6721e11b3c28adf9c8210084b

    • SHA1

      1e053e53c931b3543c8489a75856aa877840fcd4

    • SHA256

      39fce8c6366748842da843e787a39ead07dc7129c99e087a284586dfa9e4d9ce

    • SHA512

      8225f09eaf7117c235041cde410f4df9edaa62afd5ee85c812a54af75b2c69cf61454a493539401f5f13c8c8ab0f6a424abf34d56da4898c61f7a31fcfa0d253

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      PAYMENT DETAILS_PDF.exe

    • Size

      339KB

    • MD5

      cc675d172df52a4539784a7be697efe2

    • SHA1

      ba0aed7428515321f793cc000647c668da9f1012

    • SHA256

      3255322e73ad5e7a0c36e8019424fbb7cbc8acbd10293a0387db72b95620c71e

    • SHA512

      3f345fbfa793017cb866e955e29ce25befa4f8b58898d6547027214829940fd17fd235ceb1ce25f60c920a46ee568da3e60dfb251c6571bd113438384d10df76

    • Formbook

      Formbook is a data-stealing malware family.

    • Adds Run entry to policy start application

    • Deletes itself

    • Checks whether UAC is enabled

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      PDF324561.exe

    • Size

      256KB

    • MD5

      96aa1215aa5ebf6e7f2be2a28e31cecc

    • SHA1

      5f9b5b596b90de205ca70073c9b25d25250c46f9

    • SHA256

      7b50612595ce84a7eddc27527a038809b32b99ab9b36d8155df4292127554148

    • SHA512

      3ca9a9759b14d9769afd8c7d5c033b7a53982864032782cb680304aedd7a06db9586e1c87ada572610bed2f4b4c69b6b8446d7512431df811de257bd77c284b6

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      PO BMS 4820.exe

    • Size

      172KB

    • MD5

      dc60f5b5161540e1c67be0c782d4ee62

    • SHA1

      4668418b5aa819ad0bbdbcab95f6939b0a20426d

    • SHA256

      2c3b54869394148c255e50664847bd5d5c932a30b3ffd94302ead8453a68bc0c

    • SHA512

      27123cd3f6e7368c24180ddd23fe60e4730f87b8befad43f5b542594ce18cb686ceb42dcc6fae559519ab7484711258ac549e1f0bfea290de410f85369c5bdee

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      PO NO.SC-100887.exe

    • Size

      120KB

    • MD5

      80dd76e55dd758111f93c7f4c7f148a1

    • SHA1

      7d62c0de59ef0121c99cd6141be03f36de0ac513

    • SHA256

      7a3795c9d64d1a6d0807106673efde3367f799062c311c66f08347cf6e928556

    • SHA512

      a9c9ef8cf82ba52e6806730169c392a153b7894b110644858494f07563d4cf4508ed00e37dcaa6a2e9420625a3af71994a6dd7b009b0cfe257e180991b0a2013

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      PO#32136578.exe

    • Size

      361KB

    • MD5

      a93beeaa278213ad33ad2f1c5e1e44f1

    • SHA1

      6c93cad3a9a6f9c2ad4b698b9016fb574e71037c

    • SHA256

      e8e16b4d12c1303dd69d8711db9d9c72e52d14674a5c8e2b1f9d3462ec6bb004

    • SHA512

      59eeb2c6c8d28da16a494c47471ee9d1f4c538a30504d2140ce1d847d6d3977289ba3f70142cb47cbddc636f0c85995f85f9f2d7b0d7117215952cca09444863

    Score
    6/10
    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      PO#P-130828-01.pdf.exe

    • Size

      192KB

    • MD5

      637dcbba8dad8a30daab515c7956cf1a

    • SHA1

      57272fd6c6662a62dcb34fb8c8c595fbfb7819af

    • SHA256

      f91a53a61366f012eb05d8c171b820a2f772301daf7b2b269f2a2b64e70a2e4b

    • SHA512

      bd21afecdcf50f85e329e58eb120b80562df7b3e61821d7e59b2bc41b436d26d463cc7fa207d764b484545f6cabc4e007dc8fa97bbf2697b11cdb3ce7c7b49c5

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      PO-0088PI69.exe

    • Size

      188KB

    • MD5

      55923f9430da301019f9ff8ee13074cb

    • SHA1

      ffdc46c8bb7ee946432d034d7552312b7183b0d6

    • SHA256

      03455a8f2fe6450f4d306ddf3854db0daad23720ef8842fb2735de52ae6efcab

    • SHA512

      2b82ebcd503fdefa47db1a358267b7a7209c9a26b29c01a06c691bcf268d1b90f48d6c10d180c560bb873dc546ac5f75a5e2e606c5808057e230141072c6f64d

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      PO-05808T008.exe

    • Size

      124KB

    • MD5

      b5ba6793c40a1cd81bc3fc631cb0c696

    • SHA1

      f802b049c69a23c1cebdcca971a8db4c39a1721b

    • SHA256

      9a46254b4850cbd8d04086b86eab6723d1070936af09ed52ec79e00fbb74dfe9

    • SHA512

      d47f50fe1d8369c0c427de22bbd5378bb422ebc437e2dea1927cb7fed5c9ef68b394316169db1178f53243e28ad25ee8536adb5c54a3d28ae239cb4f8a35fb30

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      PO-ABA-098722.exe

    • Size

      321KB

    • MD5

      666dd51c765da2740de54c62afcef393

    • SHA1

      69530691c72b063a336fcb12b1d5d82fa7ccfb62

    • SHA256

      9f4b8d1c3ca81bfd4051668e3a0c84be250154899f3a2cf0b9449398db2912c8

    • SHA512

      20ac6fbbf305c52856e590ccacef645c2a6afe8a14bf02be80cf180752f0780ad83aaf314fcd9efe24af2a9dd6b92104fd5aea779a721c1880f20b160156ea00

    Score
    7/10
    • Program crash

    • Adds Run entry to start application

    • Target

      PO. 11092873.exe

    • Size

      68KB

    • MD5

      65132ac17c3d676220d7965edc33ff62

    • SHA1

      2bd189d3f29dc66a2d3d5d91496c3457f588a3e3

    • SHA256

      5af24f59f58ec6dedbd62dd8d85a91a11d7a3640a1e90a8c0f3d692ef9f7e70d

    • SHA512

      f4e1e5fe78527061fbf17fe1ba1cb9537efbc8f22fc805bc7a4c3230274b5a8b51f790744561a7f2cb5858b6dffd6404c55d95a18306086fb0dc821d223e4a6c

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      PO.exe

    • Size

      96KB

    • MD5

      3f2e3862d08289ebb7aa3ae4909fe0d6

    • SHA1

      3c82133142309f3c3d61d7028fb6d2c56b0f8f24

    • SHA256

      7f551f84c3943395e79e94935d7fc2b967cbff75402d988765ca9ca46b794a3c

    • SHA512

      591feadaddc87cad477716c73b5692d629a6ee81992c5d30d06e575e1ae9c56c87884c25b5aecd0f842de9dd1e5d2149fde68cd6f967b7d8db8ed8d2ac8eea07

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      PO1782020.exe

    • Size

      52KB

    • MD5

      224d530b99977daeb3d5e40838d329fc

    • SHA1

      86ea8fda5bad37c69e08ffc9c68135622a55e8cc

    • SHA256

      114ca2d3b6735988fe20d5b9c52d09cd199c0f45de39cd3abff54b2ebbe88057

    • SHA512

      0f004d9f36e8f5ca0a4963a79228cc292f1f7561a3d98dd5ce0bcfa499124212bd99dd3a141852f2bfe4d6a9d226c9a0a0b14c5ca680e34ca8380d1fdd33233d

    • Target

      PO3245_Signed.exe

    • Size

      124KB

    • MD5

      65542ce984241635118cae51413d1fe5

    • SHA1

      809c8971899a4ef1ea27c34c081981fb6da6e7a5

    • SHA256

      9f6311ba74f2be5952ec91b7bc1509360e2019398204885f983b14fe3d6d1f86

    • SHA512

      b283cf59abab4c3ab6216e537a5288fea0a66132d9d7c8c87e61ab3b46817169c1166cf371c312ca972c6d03056852a9a3172ecf380272c608043b8bee038e55

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Uses the VBS compiler for execution

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      PRODUCT LIST.exe

    • Size

      76KB

    • MD5

      1648dd9a485e3e6737fd5256dc427fd7

    • SHA1

      3acce7631a667bf3dc8c78b4b900dc797be6ec22

    • SHA256

      4d9b0611887c2a9abf12b1f104cd6713e0fb8c8560bef86c5e6a10efde8740f2

    • SHA512

      27cb2e4ab286711af3e41def4c8ec9443b87a04817a83829be59a87f1bd8a005cd095a7f2c38423effcc20c666c525cb3ab53d4501881d5734427fafdc4e2278

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Payment Defaulter Notice.exe

    • Size

      116KB

    • MD5

      69d14901a9e0a3ae84b543712320db91

    • SHA1

      afbb13d446632db8ce5f44463fb7e8a4a8026a0a

    • SHA256

      e9f1430655797a4987ece9ea0620b091fc6694ea19ba46fb8d81e3ce16a6c8b4

    • SHA512

      ad72a89c9b53983fb5519d7552e34363e25c23e1820532192cc179ab7359ef3fa780685271cc6039483201ee83665e5f4d13087af791d21b249752ff553e0b08

    • Adds Run entry to start application

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Payment Details.exe

    • Size

      619KB

    • MD5

      7e339ae04105233c0b48396fde4feabf

    • SHA1

      cc966901f9cab5b6029a124669c4f226e544eba4

    • SHA256

      e4175079c591142ca40e3eed98f45db421546f698cf78f33b583973b0c42ca39

    • SHA512

      dbdc0f38ed8539398ff7fc16f078fb09258131d591065ad332f23d42b02646593cd76a2b07d85fda80afa168723ca18ebdbf74df8e0090366173548f51f8ab91

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run entry to start application

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      Photo-Sample 7t09250.exe

    • Size

      1.2MB

    • MD5

      aeef0ccad7321ab232548cb7747dd71d

    • SHA1

      045172597a3c20fc2daa7fe0f0101153067b6298

    • SHA256

      c416d995615945fdd233dcd356085bdc03734b5fe5cd772781442bec72905a71

    • SHA512

      d18e27531f69ce6995bedf6efe8fbb229cff02158ce7f17663296fb8634d18462417960432159da396a4f9e531ae4b14a3cef9ffa7aad9b7107ef236e9284f0f

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Drops startup file

    • Suspicious use of SetThreadContext

    • Target

      Presupuesto de Ventas para Fluiters RQF R21100Q2, DEC 2019.exe

    • Size

      1.4MB

    • MD5

      77d38e7a5bcfee3f8600ad8d141236c7

    • SHA1

      f71c7dbeffd6cb3a97404b6b8326757ee47ec73b

    • SHA256

      88dddec24205d13209e435059bf0351ea661431f956849633b8eb478cadcc52e

    • SHA512

      81840623374bbe9fa053d6c71bbf33de66c57286f0770c2219c7acefa3fde2b1cc7446f45de85c81f05426e31f67f802ca0737215d7f60ba8be9fe5b978659b5

    Score
    6/10
    • Adds Run entry to start application

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      Proform Invoice no 123 by sea.exe

    • Size

      68KB

    • MD5

      46bbf5e855bc75bac0102f64ef89d020

    • SHA1

      9ae433aa63784d9ca7d614859bdd27fd1f377b68

    • SHA256

      f51c1470741a6272f90a147fc717bbbc8808a92107e7c16f7c1ff57c69ee2791

    • SHA512

      30072e2a142563d111d3671f055da9a9ed075ae9f6809bbb85136d923112d3b4e4d9d877f6fb470d0170823ef219e70a0400ef868e9454d340055e83aa5e0599

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Proform Invoice.exe

    • Size

      72KB

    • MD5

      3bc5e90b0af824f86cd18fe421d6b646

    • SHA1

      fc7e105427764d69efd7e28b59a84cefa7649444

    • SHA256

      6aad3b3ee606cf2b24d770660b87df9b8ffa8fcc5e7d403528f31cc7d52e5fc0

    • SHA512

      c6c47452eb26e6f3f871a8315f83672d7bc8b51ec01b3ba5284a0f9b76676d2ccc68f61f2197bb6c58a2342849d295c36a4458fa3b77da787138225affa437f6

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Proforma Invoice.exe

    • Size

      72KB

    • MD5

      c4621eec483d53149a3be009e66feff7

    • SHA1

      c5156341e4726e5a11a536146506af62ed3e62bd

    • SHA256

      ab7049214198281d0effceb67875bebbbc022a55f9e6a2960ac71b0c1f2acebe

    • SHA512

      320515628b7e48c5899a44f5ec59a937c6e6e6d5f4baaafbfdff0e6fbdb56d91ec096a1e573d55873ff1d43ea91fff2a54716059fba1ee7cd69cd74ba5a6cd7d

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Purchase Order-030220 (2).exe

    • Size

      72KB

    • MD5

      580777b93af124a619e2fb501420bc0a

    • SHA1

      c642a798850da58b3991c3abf1b1846c1bd63c26

    • SHA256

      7ea9775d0d9c57281aaf7af9f7ca449b044ec22bd5a88c3099c0fa34c04b2f50

    • SHA512

      fce20ca29c55212948e9e2c826d8ad9040b30c307097096b5c27ad038e8c838b47de54b900754852e046371411a0f1b7b5d85d657a0b7bd1fdb6453fae611231

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run entry to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Purchase Order.exe

    • Size

      188KB

    • MD5

      9a1002d96412fd3a78021ac84c6f2fb0

    • SHA1

      7549b6b4e462f73011bab8ce10028f2efce79d00

    • SHA256

      2f0a58f9245c80a7cba595c5e346b775cec94aeb508388251426e7084ffd4a53

    • SHA512

      4881145f989cb92a94260652f19555f5be8bbd6f7e179d8a8dcfd3ee382e69c691e526c4462f8aba1c210ba9637e7681b456bffa6151d93257b4718e46f1569e

    Score
    7/10
    • Drops startup file

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      Purchase order.exe

    • Size

      1.6MB

    • MD5

      783ad86b833161eb9575bba70db75d35

    • SHA1

      b1127e07dad448e80283db5d83ae5a8c3f1f09ad

    • SHA256

      9ae747d8f3cef1d8b365a20227fbb6cd97c4896f6410521d599b9fce3f3514a2

    • SHA512

      bdc8827b06fbd43ab7066960ca72c9f2a9e246e13835fc25cf7e9f15ac140d4f4c92acb16ffa6cc514eaccdc8b92989c1c0adde5ed4df18c79f2e6a758ca5bbf

    Score
    7/10
    • Drops startup file

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      QUOTATION.Pdf.exe

    • Size

      1.6MB

    • MD5

      28473f55a28ac4baed82977742d9db94

    • SHA1

      7563a14acef17b03d3e1b4980c184a9a62b09b97

    • SHA256

      8b4e5efdcd1483e96c1434c9863423daa803fea3b82e6b12f1c9e3a26930b465

    • SHA512

      55b9e43d6e822a04c334045b79fdbda9c5e4accdacb0f1b823ecd3481b482475197e19224a39ff6a00ab4590f2fb07cae268327a636de413923c519d49c0ddae

    • Disables Task Manager via registry modification

    • Adds Run entry to start application

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      Quotation.exe

    • Size

      405KB

    • MD5

      9b9f273b57dd5f650f6f5249a0edb1db

    • SHA1

      2478fbd3d08c8dfb21114f54ffe3d50cc968ad4c

    • SHA256

      92ffba470030ac777381a2cc413bff0212454ff5d8bfdbd6ea21a9bcf8434382

    • SHA512

      94e3fa46da276b64d4b4162bda4c322b3ee5fc488faeb6d12bfd01b294039fd60745bd3723c4ffa57a432d69fae66fd54561db2527c23d898ce77cca8b970fb3

    Score
    7/10
    • Deletes itself

    • Program crash

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • Target

      RFQ2901202066455343.exe

    • Size

      76KB

    • MD5

      be4aafc0bb1b1108fd43c52d23f7bc82

    • SHA1

      058ef7378000cd15d93e3e3dabec76a74e50d1f7

    • SHA256

      84a52d8714b6e93f7361b6884e2c292d2768d583e2f01cb3eda25d7bda701eff

    • SHA512

      20a649b338c36d2baf586efddfb9c416818bec38de25c4f8e7f567fecaa6211cedbcd2e045be99ede6e3e2dd188115e7f58722519ea74478ab453a69e1beb647

    • Modifies system certificate store

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Revised_PO#SF389201.exe

    • Size

      2.1MB

    • MD5

      2736e79feb2384f61330cdbab2fb44f7

    • SHA1

      469b3ee1e5587b992f33ab421f9144ec678731dd

    • SHA256

      651d0b63148a26279e236510827a5ed47f30a356aeaeff7df4c7681f1770e978

    • SHA512

      5ce77a50c6bf3e92696b4e7a37b7f8a855c083aa2a242f185ff695d0a4c281b13a16e0ebed721528763a5dbb4b97ab8141281bcc0af0c8abceaa307198caef36

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • Drops startup file

    • Uses the VBS compiler for execution

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      SEA LONGITUDE NOR tendered at Lubuk Gaung - CASH TO MASTER.exe

    • Size

      1.1MB

    • MD5

      73f1fab19d7a1c692494f55b676e3868

    • SHA1

      27b0e5de8842d3077f60ee923b71300d783cc152

    • SHA256

      93908493a1daeff5f7d50768ab00af291cba29e900cbd08234729785cbd7a07e

    • SHA512

      5c2d2c85302423b58eb8e387b48134c0859211d528357595c9e60d1469585953ab636a3159864296e0c03cc3e034a1c99928100b36e2615a472085cab42a5972

    Score
    1/10
    • Target

      SHIPPING PO=00000301076.exe

    • Size

      60KB

    • MD5

      38390ce62f008b80d9f6f4876f6b9faa

    • SHA1

      1f3bd6742b87deba518d68d6ccd302c3a849034d

    • SHA256

      b93d19f76c76044025ef401330ec4585b3b866b2176aa5b586a3dad7c5d2f173

    • SHA512

      aedfdd1b7b6011f671607ed553b65136699927a5afa4d7dce399d8835a94c64873372326dba9684430080e1874fd107e8cf35cadd64250a4b7772fcb145bf6d2

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      SKM_C3350191107102300.exe

    • Size

      116KB

    • MD5

      921bbc9e6ea8a25d234da6734e78818f

    • SHA1

      0d56d1b7d7d33885bd69cd16a691f42e809762ca

    • SHA256

      5ae54aadd5c53af5b5a7794b15f52ff44860b1e215afa69ff31d0fc8d5b2e576

    • SHA512

      bd89bc8ae32cb26f709692547cae2e58cdc73e7bc798f815848ecb52110c9b206aece5be79c268a54ed4eed3814d2be91f9149f8d8d8e8d5126f578d42ec52b5

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      SOA DEC 2019.exe

    • Size

      188KB

    • MD5

      f61e3dca5ff2b5ea83ee8f8fd4fe77f4

    • SHA1

      7218bb3861c785405673340f2edca8bc16d691ad

    • SHA256

      047b9ea81bdc2d6ed688ab7dae689a7a1cef5e4c1669c78e27771313519c9beb

    • SHA512

      2f8f87bf79ad10c2227435429ee451e12012b8c5ea3a5c485bc54b29572117ab07ff01a8de2221ad2c7f09fa726ef5a88ea9e19fb864b2fea7310000d443386e

    Score
    7/10
    • Program crash

    • Target

      SOA JAN 2020.exe

    • Size

      72KB

    • MD5

      c4621eec483d53149a3be009e66feff7

    • SHA1

      c5156341e4726e5a11a536146506af62ed3e62bd

    • SHA256

      ab7049214198281d0effceb67875bebbbc022a55f9e6a2960ac71b0c1f2acebe

    • SHA512

      320515628b7e48c5899a44f5ec59a937c6e6e6d5f4baaafbfdff0e6fbdb56d91ec096a1e573d55873ff1d43ea91fff2a54716059fba1ee7cd69cd74ba5a6cd7d

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      SOA.exe

    • Size

      1.3MB

    • MD5

      4e39d2a9aa431a6f1ed31674cd1aad27

    • SHA1

      c868dabd527f1aee1cd0ebc48b580cc8e8a25830

    • SHA256

      3aa51102e88c3aa108f9908122fdf80400d4886fecd1e26ce3b62f75536b4c34

    • SHA512

      5cf9ea25bcadc28289f64daa75725696506d60110e751ca8d620bee52c11efc1528247ba9fbd5e11561562099d8046a162fbf10bbee1c84ef55e1f45bbcaeaea

    Score
    6/10
    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      SP3-139-V128 ORDER.exe

    • Size

      623KB

    • MD5

      ada6dac710065598c4c5be654823cfa8

    • SHA1

      cc5ca7f098b329a5045678b19cb13febbe30ab9e

    • SHA256

      780de9dbdc4a6adf0fc709f365715fcc86f40a675834a3ba602ff11e20f72505

    • SHA512

      ccd4011b1a8f9b893096c53ef0caede2fe34faf059db41cb455f3a1be864c55620620d4a2bf26f3b9924218b2fff7b9ed7f88262fe724b5ece53c15748146ed1

    Score
    8/10
    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Program crash

    • Adds Run entry to start application

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      Scan 50%_swiftoutput098765456789.exe

    • Size

      1.6MB

    • MD5

      ae939de5ff91fcb9db17bcc9121bed5e

    • SHA1

      e61ba367d2165b0963e700409f0bf8d567121752

    • SHA256

      a70ae62ae209951184eba542fa809e365eaa18b2eb26d6d5f03d831da2f40fcc

    • SHA512

      5a5edc8e7bc88d45c4e4f2d36a723f8a117600f4b931096c3f5930e04011c1883fe9f9e541bd23aebd6067e242fa0ca5c3979804fb25cf881fa74b9f49457e01

    Score
    6/10
    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      Shipment Details.exe

    • Size

      601KB

    • MD5

      abe67b930c84bf8e4b5fbbde7246d269

    • SHA1

      bbccb3810d57312cf780a9601dbb6729ea6b7c8e

    • SHA256

      8d871d30dd3aa34ea57dafdc8114ee5d1cb6b4eb243029903ad077a2d1547988

    • SHA512

      e160805c6ea1cb5dba40145f713a9f9975b767823ba88f0f9fefde38730fdefceb13198a0d4cd4393d0c925a05142c10f7a3b6ae8080d83f67e2b62568e01632

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run entry to start application

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      Shipping Doc-01022020 .PDF (212KB).exe

    • Size

      693KB

    • MD5

      6a7bd993142f0de6a069bcff959ba7ad

    • SHA1

      41ec5d3eb170af5d8625b92d0c748d4a6baab660

    • SHA256

      4531d5a0bcce306676d56047a62ba4ac0738f9e82843ff574c5fde8b6de73988

    • SHA512

      15ffecea16046bdf1ccfea3f3aa18976f08e4a62bb3c48143b7a93e0fb9c6009b435773a327852db0fe2b3b98937e919ab5f356f7c82a3b3d1b40e92d6919995

    Score
    1/10
    • Target

      Shipping invoice for Balance Pymt..exe

    • Size

      116KB

    • MD5

      1e3b9f7066b9ebe2c291cb8e7a7a1197

    • SHA1

      052270876500dd6557eb0768fd836658e1e5f068

    • SHA256

      2e8ac1e0ab2191412683e0d9923320a8580d09779084238b8e51f85f7ea2ef3b

    • SHA512

      593d04d6aff13d6baa561229ab3b69d74f3c181b6472ce9d70ba82059f041f66f28fc6bdd7db25f1b2ebb4dc4589497121fbb3840ccb57e56a862f8973ee3b00

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Swift copy.exe

    • Size

      120KB

    • MD5

      0c303a82a5ae59f7cc83b7524d8c76d0

    • SHA1

      5f7c20ec12acff0d3f830393d33d700f055bd45e

    • SHA256

      afa5efe5ad212d3b91143fdca1763c4674c4863241304d0dcf203cd05baeb308

    • SHA512

      7165b9519645de20b3f070141cb6ffb5ec42e6320fb322a7d0a971234503aa97c3bc5706fd9272905e0ddaee476807fc8183cdf2414b7e85a17e515c4e10c1f8

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Swift.exe

    • Size

      72KB

    • MD5

      3bc5e90b0af824f86cd18fe421d6b646

    • SHA1

      fc7e105427764d69efd7e28b59a84cefa7649444

    • SHA256

      6aad3b3ee606cf2b24d770660b87df9b8ffa8fcc5e7d403528f31cc7d52e5fc0

    • SHA512

      c6c47452eb26e6f3f871a8315f83672d7bc8b51ec01b3ba5284a0f9b76676d2ccc68f61f2197bb6c58a2342849d295c36a4458fa3b77da787138225affa437f6

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run entry to start application

    • Suspicious use of SetThreadContext

    • Target

      TT COPY.exe

    • Size

      1.1MB

    • MD5

      7ef34e8344c39ba352aa351c97111341

    • SHA1

      396833acbed3f59fcf1c305398cb67dbd19a9d11

    • SHA256

      71bbbf6dfdb1388f8226973a726747b5389d2da97e08d56193d3922b0c9a303f

    • SHA512

      3e6e303edab618794dcb12933a422c2367bfbd2216d776a9e20fc92893aba0263a56cdb82b9594472f4070ec2ebd2f317825bad1cd39b65c53f1157404862319

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      TT Statement.exe

    • Size

      1.6MB

    • MD5

      39735cc747ae6847813575d622acf8e8

    • SHA1

      991ff20b37cf1d6e6080f69a93ccd4cfe84f6d62

    • SHA256

      053dc383bb65d39cdf4cb73c0f53f26e9ae85c187a735d2c9068490729db0058

    • SHA512

      7b565aab4f624e4bfabb5eb6f71b993710bf4def1b564f9cb2ad77c5404491c85beaced117d9b7cd0d92ef701cd394d8c530e781cbdbe40227ae4e6b92013b71

    Score
    6/10
    • Adds Run entry to start application

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      The Original Copy.exe

    • Size

      852KB

    • MD5

      c041fe7ed5bb8631b6dc46615abee48d

    • SHA1

      164e9563ce97cffa3fc8e121c68dccf8ed4ce513

    • SHA256

      92d61e19134c056aa38098aec5d42666d31311ca6ce0a7e5d631542a15e05aeb

    • SHA512

      3697025b18a44c284d49d0b2109cb7fd7f506fc5e341d04fd2671f12760c68a19280938fcfd795142f77b9ed9e87aa4b9cf05f5f8d512e35e01636795ce20327

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • Program crash

    • Uses the VBS compiler for execution

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      UPDATE SOA USD-1227.41.exe

    • Size

      546KB

    • MD5

      f1551a581d0d13086bcc06fe1ea1525f

    • SHA1

      42b83d1667209a21853422b12cf42b221d6ee028

    • SHA256

      942a203ce43c29d15d8a53ce10161ea100773ea75b6af4751b87249b57b6170d

    • SHA512

      495924cb9c64a175cf921ea59982f04bcf0ccc7ae824c09b3514f20a8af66bcd76770b3d50efc5b76d814643d824fcb6bf4f95e3e935cbd4170a1a3fa11a3f04

    Score
    1/10
    • Target

      URGENT ENQUIRY.exe

    • Size

      1.2MB

    • MD5

      be7ab8c9e2564f8b05df58d6a72430ef

    • SHA1

      3bda77cad1ab255a8c5769772a502f4a0e1de27d

    • SHA256

      4448e0f70f39ccc4818199ca1197bdda12749d5347b259154e0cbe201e3fe097

    • SHA512

      3484fb9d47cfb318f1e3cdc0eb2ff952bf02b1cbe55da16ad7d7796cd9682591df8ee5d12bef4fdf382edf269dc923cfa3bc372ede59f7ab4b9df2c37a41e6dd

    Score
    1/10
    • Target

      Untitled_20120_160110-1.exe

    • Size

      188KB

    • MD5

      f61e3dca5ff2b5ea83ee8f8fd4fe77f4

    • SHA1

      7218bb3861c785405673340f2edca8bc16d691ad

    • SHA256

      047b9ea81bdc2d6ed688ab7dae689a7a1cef5e4c1669c78e27771313519c9beb

    • SHA512

      2f8f87bf79ad10c2227435429ee451e12012b8c5ea3a5c485bc54b29572117ab07ff01a8de2221ad2c7f09fa726ef5a88ea9e19fb864b2fea7310000d443386e

    Score
    7/10
    • Program crash

    • Target

      Unusual location & IP Address.exe

    • Size

      717KB

    • MD5

      9974e57c42c12c110f1e2f291ed2ba71

    • SHA1

      10f19b8b6f94c8efa10041ea57ebfdc6a868733d

    • SHA256

      7cf5cd426182d794d0ddbcc2f27e0d510bef9ba1c6fe6cb5f4dba4af00042aee

    • SHA512

      c2d4ed7fb33bdb7791bda74462d3cf896fae7dab2583b8458025f04e08237120921a0f517368f5f05964537ecf5abb33af7f2da0f803930bad6f3f1affed8f93

    Score
    1/10
    • Target

      bin_2CE6.exe

    • Size

      48KB

    • MD5

      930b4d39def17003a88edeffc5155e28

    • SHA1

      b34f75c49dc15c1bedd2cea2c1f5ae86d46681ac

    • SHA256

      c3df54ffda4e3999a50271a895c7a22f2c59db3ce34721ac69de657f2b076dc2

    • SHA512

      2ca707af06bfe2d65385d5c18f2e5d697c90c4991ab3da5e7f4b73ce88341aca5a0a34c360abe33e3fcdbdf303cb022458a35374c6563aceb41ad264cfbdce2a

    • Modifies system certificate store

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      bin_4B66.exe

    • Size

      40KB

    • MD5

      025e251965cf07a80c38d49a143fa18d

    • SHA1

      e8e7e61f32938c281bf5832b0dbf14c1b43b35af

    • SHA256

      289b5c8d7976c11c0b10e839f5446708b09f7e6f8d52214b142b2c288c214737

    • SHA512

      0c7ab928b1789a2c5c10695b01c5daef9b4dbfece9ae2f4d01c1ee71a5ad02cbb2f5bd2ca8691a38505ade0e384bdc1e3287e060f015a8445c13e96ae6804436

    • Formbook

      Formbook is data-stealing malware.

    • Adds Run entry to policy start application

    • Deletes itself

    • Adds Run entry to start application

    • Checks whether UAC is enabled

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      bin_C237.exe

    • Size

      48KB

    • MD5

      7fa0867ac912db103c5bf61e3437076f

    • SHA1

      b012325431e965c84ace7067ae2139d28bcfdbee

    • SHA256

      2c1fbd18094266151c1690e5e38b9d3684001d3ae8ab7258bb020962c96bd635

    • SHA512

      7a4eeb8497d3c45774faf21437be08145f1f7e0b60eea946718fb1f62189fd5b5f2006afc8f40c60ed55167e255923e4f7e4f6d7fd09b1a439900f2a07b4e3d3

    • Modifies system certificate store

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      bin_protected_9DE6C1F.exe

    • Size

      104KB

    • MD5

      55a32eade6796158f2bd16520ad757ff

    • SHA1

      b7352d68f93a8b4bb4878c4b04cec880659ea4cc

    • SHA256

      137baad75e986fb890bd6735edd959163e4ec90517d4b48b5d86730542f8ffdd

    • SHA512

      fe481bc033168167caa32a45a49efe04601c830e30104b253aeb5ba5407112e096bd1683dbcbe48bbe27eaa2c3991974ed71cc3a3a0f1dc44f61c960ea0fc79e

    • Modifies system certificate store

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      devis.exe

    • Size

      152KB

    • MD5

      e03bb0ad5f06bcd4a16b13d6e5669d39

    • SHA1

      63c4127567e1dc449461a12e0f25c23ee76c3b37

    • SHA256

      a8475f317fd6e1c353e7b178e19bd0c88e6bb79ee6d471bb75b9f267062121eb

    • SHA512

      73dc48ef023530e3a433e355f9d1f47e3b71bb9580e4a09fcfa4ffac4c8dcff3bfd4cfb2912bff9f239a3d6faa15d52d998ec92ec183dd2cff742f6796bae1f9

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      dhl_doc7348255141.exe

    • Size

      1.4MB

    • MD5

      23d0e39833362f1835c5f90493ece0af

    • SHA1

      202050e7a414efe5bc9482fb6510f9549346ae78

    • SHA256

      9bc2c423c12a665c78719086870c55773b763e2eba774917416fb5d7a6c04cd1

    • SHA512

      497fe556965d941d6ff3fbf3a392d4cfd5a9eb5c44197af4e0a8387a3176ce84c81fe3ab27c547b010c1832fbdb1ca94ac70fb0df1334c3b153d8bbf71fe7f57

    Score
    6/10
    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      documento.exe

    • Size

      345KB

    • MD5

      ef6234833189b74338dc23b61d1b9a64

    • SHA1

      45886666f46232532414e28291612399da397108

    • SHA256

      b8e08e5ac14a4bc5ac6f043f1c123c73dbd5f0178788830421e762ec877ec99d

    • SHA512

      0add534a58613e6fe9fa1e5f1cddd7097f71390585958fbedb697900074e2788fb38fa33ad825f4fb3705458986c6ea5d88492798e5977160116e4d8ed5584fd

    Score
    7/10
    • Program crash

    • Adds Run entry to start application

    • Target

      new order -85486.exe

    • Size

      72KB

    • MD5

      88f766972c5012050ec8803db8890ca4

    • SHA1

      6e31d6d334c7983d3255a2254399011388615cec

    • SHA256

      23bacf7c5823222ddd8a97eff6a8ffb75c642b44bb3a37fdabf371ab5687ddf5

    • SHA512

      b10a4b337091650b4a403f777b48e80e5f2ff95623ae4818fb8214f6f34f41596ef5cde9db1be481e8f3c5157400e58c9fb19c6c2db37242473b78a77dd31d4c

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      payment 000012223.exe

    • Size

      144KB

    • MD5

      e3f6e24bd8596ff3998edd7b5d3dacff

    • SHA1

      85fcd1b4a3752ee22fb5f5e9157d5503a6c46525

    • SHA256

      b511ef8538b1b2cfc8e162b062ab837649bc724b0515ce39b84d9af1fb450df4

    • SHA512

      c8708b32e26b2aa8cf7026159aea59e1645b439d14e6e947f41855aea86c8aef92a9c3d63cc9455beecdc55eb71f5b1df9661f1c5fab15b669d8444d12d8d5a0

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      po 23232 signed.exe

    • Size

      124KB

    • MD5

      65542ce984241635118cae51413d1fe5

    • SHA1

      809c8971899a4ef1ea27c34c081981fb6da6e7a5

    • SHA256

      9f6311ba74f2be5952ec91b7bc1509360e2019398204885f983b14fe3d6d1f86

    • SHA512

      b283cf59abab4c3ab6216e537a5288fea0a66132d9d7c8c87e61ab3b46817169c1166cf371c312ca972c6d03056852a9a3172ecf380272c608043b8bee038e55

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Uses the VBS compiler for execution

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      products inquiry.exe

    • Size

      192KB

    • MD5

      f05c899ade7070e58ea77165a03c8ffe

    • SHA1

      08b4423905d93c46c829a16ff75c7c03167c7b4a

    • SHA256

      9f17fb22241adcd4979b802889fd971f9451574b3e1188b1e7bdb61577a3ceba

    • SHA512

      ef4bc20fcdf30894b1601618b6cd9900090ef602f33418dabe9b043ab988e1db3ee0b66c37318356a1b1d10cec6e158f1b2a6fe9910a8ff2731b3ab666fdcc6f

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      products_inquiry.exe

    • Size

      124KB

    • MD5

      8bb4cfeb2a829f682a05ecab39bd6b98

    • SHA1

      5b47aa02b9db4546d2264df5872fec4c92a58a2f

    • SHA256

      49ca3bf09b293d4bdc883fe64317ac056e3e70ec409c267dad405815bd74186c

    • SHA512

      5fd9a679dbdfd0ebe2e9e8e15134b232ee59570abdf02e66d95fa7e525bfd4a7377472d7424470848bdf51d38cbfd40a678325e9cb26a98551a218b150fd1170

    • Adds Run entry to start application

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      proforma invoice.exe

    • Size

      152KB

    • MD5

      a80811decc8fae32b6a0c6cd6b257c1e

    • SHA1

      20370582ebdf121b340b646751de3baa33ce1929

    • SHA256

      546779d37806b89f1b570569f295f7b4171b17c11468edfa162269219e598021

    • SHA512

      f00ea3b8fd7ce2346ae226b9f382c38233df154ca9a638e7a079e446858f3ec9be82367bd64da406783e9f1b10c843d01fe9664ea142438cec343d5d60ef404f

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      purchase order RFQ-HL51L07..exe

    • Size

      2.1MB

    • MD5

      45480dabcb17d661e43aa96d72b8b890

    • SHA1

      ce58cc9824f3d1be5d19decbe9a31294b1cac0e2

    • SHA256

      be8be392bf3d62ab4294cff8db2d2a18f096ec8d2a60e0e9b4882a3d7ebd7533

    • SHA512

      c0d1f5a471fb1084554c59e9069a92dd79de48e2a642a47e1540b6b008ca6a5de0fc93b8cb2b8b7a707de74e6f48e915f37e7f8b9c02fa96c33bdafc37ca4b3f

    Score
    7/10
    • Drops startup file

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

    • Target

      shipping doc.exe

    • Size

      92KB

    • MD5

      43c0261e44c918095bf69056dce66543

    • SHA1

      1739b165b46f9f8812ae49ad079320ef4cb2fda2

    • SHA256

      6c6186e5788e396d0ec1670a9be4aff8a133ce5848db39898445c2dcfc10d2b3

    • SHA512

      6e53e45f2903b3a13ea929da540df53549919594c0b8a8b4c86d2b7f628f85e9a27c87423b074df860906c7733a0ef9ef501558ffa05db6d6b20736d823bd51a

    • Adds Run entry to start application

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      statement of account.exe

    • Size

      144KB

    • MD5

      f6b69f73d623bc786ee5aa8485ae276d

    • SHA1

      fbbaca4fc491534da209d55d1ce4f7dc3100d6de

    • SHA256

      ec5b657dbf800404f60b1d210a5400cb673b25edc3ab97fc05a943a6ef5ed39d

    • SHA512

      27259b2340126981be7dd6c3ee08335e29c50ea95d012cb1272834cf37decf960340988e77e272f8e2b9335e138587dcd8afdc13f07d91430b2872e6e87f6ad3

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      swift.exe

    • Size

      1.0MB

    • MD5

      1eeb57c0877a06d18aa028e87d5158b4

    • SHA1

      d086921faba08c2600d862b680b70a53a3bfb88e

    • SHA256

      d8c8496ad93779966bb498f8749bae4b6cdf2e1bd46c75a341e81a19fefde4a3

    • SHA512

      16303c9bcedbfe4c5d6c953e39a98014d7f355e1c6413f960094840fb9e7f581832cc54a0557cc81e3e212f48c82d6897bcbaa4bc3fdecb72043757349f153b1

    • Lokibot

      Lokibot is a password and cryptocoin wallet stealer.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run entry to start application

    • Suspicious use of SetThreadContext

    • Target

      swiftcopy 433.exe

    • Size

      96KB

    • MD5

      41404e4fa9620f21decab207180884c7

    • SHA1

      a93367c039d9e85c898eba05e27b037c66167f8a

    • SHA256

      d85304978abda36fd1c3772ac7dbddb5a165ab52335dd11bd3dae89c8060b01f

    • SHA512

      7b7d0f0438d948bdd7ac47f17a0dd3296fbc115b017b1575819168d2e529d37d8e61d67cdaec916fe012f38c9acca99166032e292aef3577cccf998efddf3a8a

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Uses the VBS compiler for execution

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      swiftcopy.exe

    • Size

      108KB

    • MD5

      67a1b212f7e957881af51f8f0c9d5e2d

    • SHA1

      b8fb77ea5ecb918191d070edc2c37adda1841206

    • SHA256

      1c47b4d34836ea312420046db6f7fe1e083d6198d273fe9ed0ada96d9db0403a

    • SHA512

      c758b16a95343dcad230d073df3b13a1c1782678bdcbeb1d528f0973ed58edcea77b66bb535687f2539ec228fb269444e24846355657a4ed44699bbe89d437b5

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Uses the VBS compiler for execution

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      updated statement.exe

    • Size

      68KB

    • MD5

      46bbf5e855bc75bac0102f64ef89d020

    • SHA1

      9ae433aa63784d9ca7d614859bdd27fd1f377b68

    • SHA256

      f51c1470741a6272f90a147fc717bbbc8808a92107e7c16f7c1ff57c69ee2791

    • SHA512

      30072e2a142563d111d3671f055da9a9ed075ae9f6809bbb85136d923112d3b4e4d9d877f6fb470d0170823ef219e70a0400ef868e9454d340055e83aa5e0599

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      w3TM24p.exe

    • Size

      3.7MB

    • MD5

      33501f2eb9d12ba36b37e49d8fea8cc8

    • SHA1

      115480567e118b1664bd9e618b0ec92b0719c781

    • SHA256

      e750b3e5e16c6bd9e9d10fdf6d9c276a0c3fc396aea17f24ebb06c931f3c553c

    • SHA512

      61b6133e47813c8365c1209bbaaa5a55905a25fa15320dc0910851777510c1f923cfc46ed151849c266f819e7f26c6c07010305c6b478593e68009a8ed5e847f

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scripting

10
T1064

Scheduled Task

2
T1053

Persistence

Registry Run Keys / Startup Folder

27
T1060

Scheduled Task

2
T1053

Privilege Escalation

Scheduled Task

2
T1053

Defense Evasion

Install Root Certificate

58
T1130

Modify Registry

95
T1112

Scripting

10
T1064

Credential Access

Credentials in Files

80
T1081

Discovery

System Information Discovery

6
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Collection

Data from Local System

80
T1005

Tasks

static1

Score
N/A

behavioral1

spyware
Score
7/10

behavioral2

spyware
Score
7/10

behavioral3

evasionspywaretrojan
Score
6/10

behavioral4

Score
5/10

behavioral5

spywareevasiontrojan
Score
6/10

behavioral6

evasionspywaretrojan
Score
6/10

behavioral7

spyware
Score
7/10

behavioral8

spyware
Score
7/10

behavioral9

evasionspywaretrojan
Score
6/10

behavioral10

evasionspywaretrojan
Score
6/10

behavioral11

evasionspywaretrojan
Score
6/10

behavioral12

evasionspywaretrojan
Score
6/10

behavioral13

Score
5/10

behavioral14

Score
5/10

behavioral15

persistencespyware
Score
6/10

behavioral16

persistencespyware
Score
6/10

behavioral17

persistencespywareevasiontrojan
Score
8/10

behavioral18

trojanspywarestealerformbookevasionpersistence
Score
10/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

evasiontrojanspywarepersistence
Score
7/10

behavioral22

evasionspywaretrojanpersistence
Score
8/10

behavioral23

evasionspywaretrojan
Score
6/10

behavioral24

evasionspywaretrojan
Score
6/10

behavioral25

evasionspywaretrojan
Score
6/10

behavioral26

evasionspywaretrojan
Score
6/10

behavioral27

persistence
Score
6/10

behavioral28

persistence
Score
6/10

behavioral29

evasionspywaretrojan
Score
6/10

behavioral30

evasionspywaretrojan
Score
6/10

behavioral31

Score
7/10

behavioral32

Score
7/10

behavioral33

evasionspywaretrojan
Score
6/10

behavioral34

evasionspywaretrojan
Score
6/10

behavioral35

spyware
Score
6/10

behavioral36

spyware
Score
6/10

behavioral37

keyloggertrojanstealerspywarehawkeye_reborn
Score
10/10

behavioral38

Score
7/10

behavioral39

Score
1/10

behavioral40

Score
1/10

behavioral41

Score
5/10

behavioral42

Score
5/10

behavioral43

evasionspywaretrojan
Score
6/10

behavioral44

evasionspywaretrojan
Score
6/10

behavioral45

evasionspywaretrojan
Score
6/10

behavioral46

evasionspywaretrojan
Score
6/10

behavioral47

evasionspywaretrojan
Score
6/10

behavioral48

evasionspywaretrojan
Score
6/10

behavioral49

spywarepersistence
Score
7/10

behavioral50

persistencespyware
Score
7/10

behavioral51

spyware
Score
6/10

behavioral52

evasionspywaretrojan
Score
6/10

behavioral53

Score
7/10

behavioral54

Score
7/10

behavioral55

Score
7/10

behavioral56

Score
7/10

behavioral57

spyware
Score
8/10

behavioral58

spyware
Score
8/10

behavioral59

evasionspywaretrojan
Score
6/10

behavioral60

spywareevasiontrojan
Score
6/10

behavioral61

Score
7/10

behavioral62

ransomware
Score
8/10

behavioral63

persistencespyware
Score
6/10

behavioral64

persistencespyware
Score
6/10

behavioral65

evasionspywaretrojan
Score
6/10

behavioral66

evasionspywaretrojan
Score
6/10

behavioral67

evasionspywaretrojan
Score
6/10

behavioral68

evasionspywaretrojan
Score
6/10

behavioral69

evasionspywaretrojanpersistence
Score
6/10

behavioral70

evasionspywaretrojanpersistence
Score
6/10

behavioral71

spyware
Score
6/10

behavioral72

spyware
Score
6/10

behavioral73

evasionspywaretrojan
Score
6/10

behavioral74

evasionspywaretrojan
Score
6/10

behavioral75

persistence
Score
8/10

behavioral76

persistencespyware
Score
8/10

behavioral77

Score
8/10

behavioral78

Score
8/10

behavioral79

keyloggertrojanstealerspywarehawkeye_reborn
Score
10/10

behavioral80

spywarekeyloggertrojanstealerhawkeye_reborn
Score
10/10

behavioral81

evasionspywaretrojan
Score
6/10

behavioral82

evasionspywaretrojan
Score
6/10

behavioral83

trojanspywarestealerlokibot
Score
10/10

behavioral84

trojanspywarestealerlokibot
Score
10/10

behavioral85

evasionspywaretrojan
Score
6/10

behavioral86

evasionspywaretrojan
Score
6/10

behavioral87

Score
1/10

behavioral88

trojanspywarestealerlokibot
Score
10/10

behavioral89

persistencespywareevasion
Score
8/10

behavioral90

spywareevasionpersistence
Score
8/10

behavioral91

evasionspywaretrojan
Score
6/10

behavioral92

evasionspywaretrojan
Score
6/10

behavioral93

spywareevasiontrojanpersistencestealerformbook
Score
10/10

behavioral94

spywarepersistencetrojanstealerformbook
Score
10/10

behavioral95

spywareevasiontrojan
Score
6/10

behavioral96

evasionspywaretrojan
Score
6/10

behavioral97

evasionspywaretrojan
Score
6/10

behavioral98

evasionspywaretrojan
Score
6/10

behavioral99

evasionspywaretrojan
Score
6/10

behavioral100

evasionspywaretrojan
Score
6/10

behavioral101

spyware
Score
6/10

behavioral102

spyware
Score
6/10

behavioral103

Score
5/10

behavioral104

Score
5/10

behavioral105

evasionspywaretrojan
Score
6/10

behavioral106

evasionspywaretrojan
Score
6/10

behavioral107

evasionspywaretrojan
Score
6/10

behavioral108

evasionspywaretrojan
Score
6/10

behavioral109

persistence
Score
7/10

behavioral110

persistence
Score
7/10

behavioral111

evasionspywaretrojan
Score
6/10

behavioral112

evasionspywaretrojan
Score
6/10

behavioral113

spywareevasiontrojan
Score
6/10

behavioral114

evasionspywaretrojan
Score
6/10

behavioral115

trojanspywarestealerlokibotevasion
Score
10/10

behavioral116

evasionspywaretrojanstealerlokibot
Score
10/10

behavioral117

evasionspywaretrojankeyloggerstealerhawkeye
Score
10/10

behavioral118

spywareevasiontrojankeyloggerstealerhawkeye
Score
10/10

behavioral119

evasionspywaretrojan
Score
6/10

behavioral120

evasionspywaretrojan
Score
6/10

behavioral121

persistencespywareevasiontrojan
Score
6/10

behavioral122

evasionspywaretrojanpersistence
Score
6/10

behavioral123

spywarepersistencekeyloggertrojanstealerhawkeye
Score
10/10

behavioral124

persistencekeyloggertrojanstealerspywarehawkeye
Score
10/10

behavioral125

Score
7/10

behavioral126

trojanspywarestealerlokibot
Score
10/10

behavioral127

persistencespyware
Score
6/10

behavioral128

persistencespyware
Score
6/10

behavioral129

evasionspywaretrojan
Score
6/10

behavioral130

evasionspywaretrojan
Score
6/10

behavioral131

evasionspywaretrojan
Score
6/10

behavioral132

evasionspywaretrojan
Score
6/10

behavioral133

evasionspywaretrojan
Score
6/10

behavioral134

evasionspywaretrojan
Score
6/10

behavioral135

persistence
Score
8/10

behavioral136

persistence
Score
8/10

behavioral137

spyware
Score
7/10

behavioral138

spyware
Score
7/10

behavioral139

spyware
Score
7/10

behavioral140

spyware
Score
7/10

behavioral141

persistencespywareevasion
Score
8/10

behavioral142

spywareevasionpersistence
Score
8/10

behavioral143

evasiontrojan
Score
7/10

behavioral144

Score
7/10

behavioral145

evasionspywaretrojan
Score
6/10

behavioral146

Score
5/10

behavioral147

spywarekeyloggertrojanstealerhawkeye_reborn
Score
10/10

behavioral148

spywarekeyloggertrojanstealerhawkeye_reborn
Score
10/10

behavioral149

Score
1/10

behavioral150

Score
1/10

behavioral151

evasionspywaretrojan
Score
6/10

behavioral152

evasionspywaretrojan
Score
6/10

behavioral153

evasionspywaretrojan
Score
6/10

behavioral154

evasionspywaretrojan
Score
6/10

behavioral155

Score
1/10

behavioral156

Score
7/10

behavioral157

evasionspywaretrojan
Score
6/10

behavioral158

evasionspywaretrojan
Score
6/10

behavioral159

spyware
Score
6/10

behavioral160

spyware
Score
6/10

behavioral161

persistencespyware
Score
8/10

behavioral162

persistencespyware
Score
8/10

behavioral163

spyware
Score
6/10

behavioral164

spyware
Score
6/10

behavioral165

persistencekeyloggertrojanstealerspywarehawkeyeevasion
Score
10/10

behavioral166

keyloggertrojanstealerspywarehawkeyepersistence
Score
10/10

behavioral167

Score
1/10

behavioral168

Score
1/10

behavioral169

evasionspywaretrojan
Score
6/10

behavioral170

evasionspywaretrojan
Score
6/10

behavioral171

evasionspywaretrojan
Score
6/10

behavioral172

evasionspywaretrojan
Score
6/10

behavioral173

trojanspywarestealerlokibotpersistence
Score
10/10

behavioral174

trojanspywarestealerlokibotpersistence
Score
10/10

behavioral175

evasionspywaretrojan
Score
6/10

behavioral176

evasionspywaretrojan
Score
6/10

behavioral177

persistencespyware
Score
6/10

behavioral178

persistencespyware
Score
6/10

behavioral179

keyloggertrojanstealerspywarehawkeye_reborn
Score
10/10

behavioral180

Score
7/10

behavioral181

Score
1/10

behavioral182

Score
1/10

behavioral183

Score
1/10

behavioral184

Score
1/10

behavioral185

Score
1/10

behavioral186

Score
7/10

behavioral187

Score
1/10

behavioral188

Score
1/10

behavioral189

Score
5/10

behavioral190

evasionspywaretrojan
Score
6/10

behavioral191

spywareevasiontrojanpersistence
Score
8/10

behavioral192

persistencetrojanspywarestealerformbook
Score
10/10

behavioral193

Score
5/10

behavioral194

evasionspywaretrojan
Score
6/10

behavioral195

Score
5/10

behavioral196

evasionspywaretrojan
Score
6/10

behavioral197

Score
5/10

behavioral198

Score
5/10

behavioral199

spyware
Score
6/10

behavioral200

spyware
Score
6/10

behavioral201

persistence
Score
7/10

behavioral202

persistence
Score
7/10

behavioral203

evasionspywaretrojan
Score
6/10

behavioral204

evasionspywaretrojan
Score
6/10

behavioral205

evasionspywaretrojan
Score
6/10

behavioral206

evasionspywaretrojan
Score
6/10

behavioral207

spywareevasiontrojankeyloggerstealerhawkeye
Score
10/10

behavioral208

spywareevasiontrojankeyloggerstealerhawkeye
Score
10/10

behavioral209

evasionspywaretrojan
Score
6/10

behavioral210

evasionspywaretrojan
Score
6/10

behavioral211

persistenceevasionspywaretrojan
Score
6/10

behavioral212

evasionspywaretrojanpersistence
Score
6/10

behavioral213

evasionspywaretrojan
Score
6/10

behavioral214

evasionspywaretrojan
Score
6/10

behavioral215

spyware
Score
7/10

behavioral216

spyware
Score
7/10

behavioral217

evasionspywaretrojanpersistence
Score
6/10

behavioral218

evasionspywaretrojanpersistence
Score
6/10

behavioral219

evasionspywaretrojan
Score
6/10

behavioral220

evasionspywaretrojan
Score
6/10

behavioral221

persistencetrojanspywarestealerlokibot
Score
10/10

behavioral222

persistencetrojanspywarestealerlokibot
Score
10/10

behavioral223

evasionspywaretrojankeyloggerstealerhawkeye
Score
10/10

behavioral224

evasionspywaretrojankeyloggerstealerhawkeye
Score
10/10

behavioral225

evasionspywaretrojankeyloggerstealerhawkeye
Score
10/10

behavioral226

evasionspywaretrojankeyloggerstealerhawkeye
Score
10/10

behavioral227

evasionspywaretrojan
Score
6/10

behavioral228

evasionspywaretrojan
Score
6/10

behavioral229

Score
1/10

behavioral230

Score
1/10