General
-
Target
de94eba42bc864bb4b4c126cd4c33549e4f2f3dade6df44cca6380d74a85d441
-
Size
552KB
-
Sample
220314-a5zhnadbdp
-
MD5
4cf38e8027650b04328f649b08e0235a
-
SHA1
8842f751d29b1f694387f4889f73c7da70bcfc16
-
SHA256
de94eba42bc864bb4b4c126cd4c33549e4f2f3dade6df44cca6380d74a85d441
-
SHA512
9f4933892e82af424cef459de93749a2c780fc18e2d02881234db19ef962532e841c719dc1298a5eb3f96fa3f430a86d457b50750069b30d1523d2809c6e4e6b
Static task
static1
Behavioral task
behavioral1
Sample
de94eba42bc864bb4b4c126cd4c33549e4f2f3dade6df44cca6380d74a85d441.exe
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
de94eba42bc864bb4b4c126cd4c33549e4f2f3dade6df44cca6380d74a85d441.exe
Resource
win10v2004-20220310-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
Score
9/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-