Overview

overview

10

Static

static

Bankbezahlung.exe

windows7_x64

10

Bankbezahlung.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bankbezahlung.exe

  • Size

    573KB

  • Sample

    200708-s3s5ev8af6

  • MD5

    84494d35a46049ad36829734d16d7e77

  • SHA1

    7f4ec85cf33a4d8f222cf4c05a1e541d031b1f12

  • SHA256

    fa718d4b3b40365a1b8c2f88bdeed0314584aded478027b1ada83803dbda263d

  • SHA512

    75ab4149f7c22ca1c92dd2d797763adebea29228b5327a279fa354852108a158852888e346d8b9630a9323866fabd867491e89e4bf6b10ff1bfec73a83df0202

Score
10/10
hawkeyekeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      Bankbezahlung.exe

    • Size

      573KB

    • MD5

      84494d35a46049ad36829734d16d7e77

    • SHA1

      7f4ec85cf33a4d8f222cf4c05a1e541d031b1f12

    • SHA256

      fa718d4b3b40365a1b8c2f88bdeed0314584aded478027b1ada83803dbda263d

    • SHA512

      75ab4149f7c22ca1c92dd2d797763adebea29228b5327a279fa354852108a158852888e346d8b9630a9323866fabd867491e89e4bf6b10ff1bfec73a83df0202

    Score
    10/10
    keyloggertrojanstealerspywarehawkeye

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

      keyloggertrojanstealerspywarehawkeye

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Uses the VBS compiler for execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks