General
-
Target
4f2f43ce00f4da61888c2134dfbf8d633bcef710e187fc6829e13746c3486b51
-
Size
420KB
-
Sample
220521-n4swdahgcl
-
MD5
a642e1efbc883f41d91311661f628396
-
SHA1
985b2d4fcb5870249b98c9b0129d16b2e1827ebb
-
SHA256
4f2f43ce00f4da61888c2134dfbf8d633bcef710e187fc6829e13746c3486b51
-
SHA512
2598c28dd138993f1959bf6e37f9c7e10b17365e9aaaa87cbd2652f797a518e93e16bdc3c62c567d7e74189a19738cfe772e3653898b7663e43dfb61d48d711c
Malware Config
Targets
-
-
Target
Shipment Details.exe
-
Size
560KB
-
MD5
bfd00c9151b6a28d6a4846b7ffb5721f
-
SHA1
85889fc3c764a3dd57b3aaa500e955fde54e71ad
-
SHA256
c708333db7d412d29df106d7ee49279876dc382a22f889fa942416844cdf5b58
-
SHA512
f24ef51a5880ed6129ac60e3c53b5365da992e393175fa2b4f5d02d71f81e8f08a27e0d310a1ef1d337d41c2500b2db9ec58877639c7c87ce3551f56b25fcb96
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-