General
-
Target
z7ZJdF1SfMKAp6L.exe
-
Size
397KB
-
Sample
200608-zlfqqz2dax
-
MD5
e1939d61d59909862e2b058d96fe0789
-
SHA1
f95a110dee743c3d33aa737fbb164c7148c9248c
-
SHA256
a4b07204b33173093041072e00e88d0083c88b88f634561aabe46ec8992f9332
-
SHA512
58063d064a8cd919ef59e9a5d5989ffd615e6d1905291f84864a0684d45772abbbd19701251bd5790df7a28969229df219f8ac038033bab3f99250b475adc769
Malware Config
Targets
-
-
Target
z7ZJdF1SfMKAp6L.exe
-
Size
397KB
-
MD5
e1939d61d59909862e2b058d96fe0789
-
SHA1
f95a110dee743c3d33aa737fbb164c7148c9248c
-
SHA256
a4b07204b33173093041072e00e88d0083c88b88f634561aabe46ec8992f9332
-
SHA512
58063d064a8cd919ef59e9a5d5989ffd615e6d1905291f84864a0684d45772abbbd19701251bd5790df7a28969229df219f8ac038033bab3f99250b475adc769
Score10/10-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-