General

  • Target

    HSBC BANK LETTER.exe

  • Size

    722KB

  • Sample

    200415-dwddqntbhn

  • MD5

    c9f3af24ebda7a1bcaa94dc81156cf45

  • SHA1

    14dff67f355616a09733afabff2cf836bf9ebe52

  • SHA256

    07236ee497bab6187ef9e5ea42f6a184a9bb32030b50d88f251a449b03890305

  • SHA512

    719cfafe427d48211d4364954ac40bc714409b8b7a1b84cac8c208491daeee47418f25dd18b94800330485ed764539e0c62360913f59a04d44f3f87605f22663

Malware Config

Targets

    • Target

      HSBC BANK LETTER.exe

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks