General
Target
10cddfffa1f6a49ab646cdfc5bba755ef7d774dcd269ad3472d5d76bc65d8104
Size
579KB
Sample
220222-w7ag7scce2
MD5
bf07faf02a926ec92abc40cc7841b1ad
SHA1
901affb9fdb6f49b7471401a323b40f79a5cb029
SHA256
10cddfffa1f6a49ab646cdfc5bba755ef7d774dcd269ad3472d5d76bc65d8104
SHA512
d984b072682867512bf2ecf1e2a4641c627822690e00560ec582b24f6163f7e79ea5626b035c4c061db9a809b55d74e7271768cd86abf2c0964bcea1af386eb0
Static task
static1
Behavioral task
behavioral1
Sample
10cddfffa1f6a49ab646cdfc5bba755ef7d774dcd269ad3472d5d76bc65d8104.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
10cddfffa1f6a49ab646cdfc5bba755ef7d774dcd269ad3472d5d76bc65d8104.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
Target
10cddfffa1f6a49ab646cdfc5bba755ef7d774dcd269ad3472d5d76bc65d8104
Score
9/10
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Sets file execution options in registry
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext