General
-
Target
INV001.exe
-
Size
2.0MB
-
Sample
200312-t9kkebmalj
-
MD5
c30f96608053c958da9b1174ce71b000
-
SHA1
ddb1ac016525336bdde4dabbdfc51868da00d652
-
SHA256
c9686db7d064daa4032a757698c937f4e781c2201d223448c7b6ad2edff6eb0b
-
SHA512
cb9767853b7972486084c4d25c665910d44b677eab0a13538ed73e0d1e22e4c71bbffa87d02e6206efa6874c3f5460ea623fc41d4074b99908a73e551fa5b617
Static task
static1
Behavioral task
behavioral1
Sample
INV001.exe
Resource
win7v200217
Behavioral task
behavioral2
Sample
INV001.exe
Resource
win10v200217
Malware Config
Targets
-
-
Target
INV001.exe
Score
10/10
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
Deletes itself
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-