General
Target: 8fd4b32e8bc096e4f4c34ba302295caa4accd453edff3e4a153397710fbc4a94
Size: 773KB
Sample: 210907-gwjt6sfcbl
MD5: 0e569851a5caffd0924437714db46abe
SHA1: 32fe45fbef9753d08978ad11a0001b29f032ba34
SHA256: 8fd4b32e8bc096e4f4c34ba302295caa4accd453edff3e4a153397710fbc4a94
SHA512: 0229b9515e0bd71d7c4b2e5bc6a30dba5b69ba761bf20a1c4a32d112d563e758284b74ff067e0815dd8207dadd40d60292ad0d7998aa501017944949e32ae7a0
Static task: static1
Behavioral task: behavioral1
Sample: 8fd4b32e8bc096e4f4c34ba302295caa4accd453edff3e4a153397710fbc4a94.exe
Resource: win7-en
Behavioral task: behavioral2
Sample: 8fd4b32e8bc096e4f4c34ba302295caa4accd453edff3e4a153397710fbc4a94.exe
Resource: win10-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.zoho.com
Port: 587
Username: zhuresult2018@zoho.com
Password: OGOM12345
Extracted
hawkeye_reborn
- fields
- name
Targets
Target: 8fd4b32e8bc096e4f4c34ba302295caa4accd453edff3e4a153397710fbc4a94
- HawkEye Reborn: HawkEye Reborn is an enhanced version of the HawkEye malware kit.
- M00nd3v_Logger: M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
- M00nD3v Logger Payload: Detects M00nD3v Logger payload in memory.
- NirSoft MailPassView: Password recovery tool for various email clients.
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers.
- Nirsoft
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext