General
-
Target
6f315f335430f24f4a3b3d77eeff2768
-
Size
1.1MB
-
Sample
201117-h5bglnz77n
-
MD5
14fe230f7e75a3c658cc50c40e6d196f
-
SHA1
c4b958687b4896a0ad73070e0cbf2ad040a44146
-
SHA256
3f9a47d545d4cf2d428c713f2cc96bc53236ea11b79b1c9a8daabbf0c944cf9c
-
SHA512
a6a82c996704557acce8980a19aa9990dbbaef993f6428b1b4297eb4e54816f3b481388e03c2e877a9f9123dabfd293b2e6e481a138cae7e4b7f775a654540e4
Malware Config
Extracted
Protocol: smtp- Host:
smtp.casalsmd.com - Port:
587 - Username:
carolina@casalsmd.com - Password:
Carolina123
Targets
-
-
Target
6f315f335430f24f4a3b3d77eeff2768
-
Size
1.1MB
-
MD5
14fe230f7e75a3c658cc50c40e6d196f
-
SHA1
c4b958687b4896a0ad73070e0cbf2ad040a44146
-
SHA256
3f9a47d545d4cf2d428c713f2cc96bc53236ea11b79b1c9a8daabbf0c944cf9c
-
SHA512
a6a82c996704557acce8980a19aa9990dbbaef993f6428b1b4297eb4e54816f3b481388e03c2e877a9f9123dabfd293b2e6e481a138cae7e4b7f775a654540e4
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-