General
-
Target
a602aab2fa46985654a578e7b29f1505011272587d8a7545f579a44410bb245c
-
Size
552KB
-
Sample
220312-ce9xtaebb8
-
MD5
4403a26c829661b9f5263dfa487fb580
-
SHA1
55cb63dc159648200ad7635cd381606e14c5c239
-
SHA256
a602aab2fa46985654a578e7b29f1505011272587d8a7545f579a44410bb245c
-
SHA512
021b848067b2295465f63fccb84e747495c7bcb844b637b8b5875f1c0b6734479482966184119a3198145793c1e9e58487722470891b66963facb7575590906a
Static task
static1
Behavioral task
behavioral1
Sample
a602aab2fa46985654a578e7b29f1505011272587d8a7545f579a44410bb245c.exe
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
a602aab2fa46985654a578e7b29f1505011272587d8a7545f579a44410bb245c.exe
Resource
win10v2004-20220310-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
-
Target
a602aab2fa46985654a578e7b29f1505011272587d8a7545f579a44410bb245c
-
Size
552KB
-
MD5
4403a26c829661b9f5263dfa487fb580
-
SHA1
55cb63dc159648200ad7635cd381606e14c5c239
-
SHA256
a602aab2fa46985654a578e7b29f1505011272587d8a7545f579a44410bb245c
-
SHA512
021b848067b2295465f63fccb84e747495c7bcb844b637b8b5875f1c0b6734479482966184119a3198145793c1e9e58487722470891b66963facb7575590906a
Score9/10-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-