General
Target: invoice 546787652355666666544333234555.exe
Size: 2.1MB
Sample: 200410-rk4yq5pkg6
MD5: d7ab129d6d152cc9f84c8e8ab59f3ef4
SHA1: 623c490e874aff8e6e6a5813ab87e3faf0be38a3
SHA256: 4da820dc5b8b59fa5e8567477768de1cb71bd42969a56b70fa08f56309cbb89d
SHA512: f0fe4e9e792560214208d1d49ece23eb15e2f1d85783ed135bb2502eb495f83eab3083567a40b23a6ace5ac03aef335e69be16db6ec397e9d15f472f2ea57a65
Static task: static1

Behavioral task: behavioral1
Sample: invoice 546787652355666666544333234555.exe
Resource: win7v200217

Behavioral task: behavioral2
Sample: invoice 546787652355666666544333234555.exe
Resource: win10v200217
Malware Config

Targets
Target: invoice 546787652355666666544333234555.exe
Size: 2.1MB
MD5: d7ab129d6d152cc9f84c8e8ab59f3ef4
SHA1: 623c490e874aff8e6e6a5813ab87e3faf0be38a3
SHA256: 4da820dc5b8b59fa5e8567477768de1cb71bd42969a56b70fa08f56309cbb89d
SHA512: f0fe4e9e792560214208d1d49ece23eb15e2f1d85783ed135bb2502eb495f83eab3083567a40b23a6ace5ac03aef335e69be16db6ec397e9d15f472f2ea57a65
Score: 10/10

Signatures
HawkEye Reborn: HawkEye Reborn is an enhanced version of the HawkEye malware kit.
Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials, etc.
Uses the VBS compiler for execution
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext