General
-
Target
nfvwZ5fTwVu1ZFr.exe
-
Size
244KB
-
Sample
200504-6qtcd8q7wa
-
MD5
a1eeeb20ef5d7c2d3393559a84d6a033
-
SHA1
9342600fe28f23bbd091016deb388d6b6e37569d
-
SHA256
517d8b2852f709db4e9899576e5e1b1b848427b7e0829a7f918a6dc8875772b9
-
SHA512
c7521e22f8d8082e0ad8c1c482c21e9acc02babf8f99151125b291b6bc163f097e8921f3b2bc89b58b8b2a28582b84481cca092ae5119cfb5274684e558b8e73
Static task
static1
Behavioral task
behavioral1
Sample
nfvwZ5fTwVu1ZFr.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
nfvwZ5fTwVu1ZFr.exe
Resource
win10v200430
Malware Config
Targets
-
Target
nfvwZ5fTwVu1ZFr.exe
-
Score
10/10
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext