Extracted

• • Target

    201021.exe

  • Size

    1.3MB

  • MD5

    ff59b59d6fb138bd3a588d89ea0fa1d7

  • SHA1

    fad22ded5983e8d5a9bffa398c3281670e496f46

  • SHA256

    8e1c67e8ed76591ed779773be365b2b66440d958f1bf3556d4512f71836c3d2f

  • SHA512

    7c3017e263d812bac1ad57bf4ed4371fe7414cbde8af077e507811a9ce538d1fdbbb5d396f355792dae67cdf9c25e3b0128a036816d74a48ad68c62e5109054e

  Score

  10^/10

  hawkeyeagilenetcollectionkeyloggerspywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Executes dropped EXE

  • Loads dropped DLL

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2