General
-
Target
08d679d4b9a12137756cc9244bd6f017
-
Size
1.2MB
-
Sample
210727-hdda52zzfe
-
MD5
08d679d4b9a12137756cc9244bd6f017
-
SHA1
580c29bc356057d76873c9c453ed466e1024b7f2
-
SHA256
047f33e6f83796d9fc056d7006a6e8ef69696d63eceb29fb1592bb13a62e79bf
-
SHA512
e6293a802a6f539be11df5f6d83ee113ad98d8e5566d59810a18359ff0756eabe2b10f4c8bbd1e17222aaf45400b8a89d33f0e5786418347dc5213b79d8d7116
Malware Config
Extracted
Protocol: ftp- Host:
ftp.vngpack.com - Port:
21 - Username:
newloggsaa@vngpack.com - Password:
Xpen2000
Targets
-
-
Target
08d679d4b9a12137756cc9244bd6f017
-
Size
1.2MB
-
MD5
08d679d4b9a12137756cc9244bd6f017
-
SHA1
580c29bc356057d76873c9c453ed466e1024b7f2
-
SHA256
047f33e6f83796d9fc056d7006a6e8ef69696d63eceb29fb1592bb13a62e79bf
-
SHA512
e6293a802a6f539be11df5f6d83ee113ad98d8e5566d59810a18359ff0756eabe2b10f4c8bbd1e17222aaf45400b8a89d33f0e5786418347dc5213b79d8d7116
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
suricata: ET MALWARE HawkEye Keylogger FTP
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-