General
-
Target
Pictures.jpg.scr
-
Size
710KB
-
Sample
200716-2mgnrbemma
-
MD5
281198c4b0cf5277fb57896af997ada3
-
SHA1
3066e53d111ee159ece9ecd4edc977a1a38decc5
-
SHA256
6e9b80abff99f9ce1d477c30f23c7ab327c1d5fef3edda5f68497aacd35ae03b
-
SHA512
334e2cc90289c1a79fdbbd115397a1a6f888aa370f9059ef3783fe984f6e844cac1615a41932c458a2cab24e39d7a0cb81cd5cb8465e9c18056b879095f118b8
Malware Config
Targets
-
-
Target
Pictures.jpg.scr
-
Size
710KB
-
MD5
281198c4b0cf5277fb57896af997ada3
-
SHA1
3066e53d111ee159ece9ecd4edc977a1a38decc5
-
SHA256
6e9b80abff99f9ce1d477c30f23c7ab327c1d5fef3edda5f68497aacd35ae03b
-
SHA512
334e2cc90289c1a79fdbbd115397a1a6f888aa370f9059ef3783fe984f6e844cac1615a41932c458a2cab24e39d7a0cb81cd5cb8465e9c18056b879095f118b8
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-