General
-
Target
Payment Advice GLV225445686.exe
-
Size
708KB
-
Sample
210225-6j1mlvane2
-
MD5
757844785304a9b94d0f994b24a2f177
-
SHA1
4d01dcfa4292530139fc7d9264466bafd63ab8ed
-
SHA256
9c3da492d0b98fec833d5217e46cee71fd67cf4d0bae48267cc4007095f096d2
-
SHA512
5d0c21c7648c2b618eb079bb2cf699f89a36deab5e360b9db3244b1213b1da967b248708999bc89c7d039c9afdb5b3c4756f34d3e6203d8ef3b1ca89cd5a8176
Malware Config
Targets
-
-
Target
Payment Advice GLV225445686.exe
-
Size
708KB
-
MD5
757844785304a9b94d0f994b24a2f177
-
SHA1
4d01dcfa4292530139fc7d9264466bafd63ab8ed
-
SHA256
9c3da492d0b98fec833d5217e46cee71fd67cf4d0bae48267cc4007095f096d2
-
SHA512
5d0c21c7648c2b618eb079bb2cf699f89a36deab5e360b9db3244b1213b1da967b248708999bc89c7d039c9afdb5b3c4756f34d3e6203d8ef3b1ca89cd5a8176
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Beds Protector Packer
Detects Beds Protector packer used to load .NET malware.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-