General
-
Target
69d327445c711bc768fc907eb37e0df4f4e61b43ab49bb41f328af77799d55c5
-
Size
506KB
-
Sample
220521-ntn5faebb8
-
MD5
4e3ecbc5b64176f9304e3d96aeb5ee64
-
SHA1
ff5789a076a9a443a85250765ca5a16d8ede7c5c
-
SHA256
69d327445c711bc768fc907eb37e0df4f4e61b43ab49bb41f328af77799d55c5
-
SHA512
f28d6165559936250eb414cf755d81d1bb29ae09246c12e525a4ed89be40440bf182a7f48effc7905d966278a5d13ae34f308840d050eabab992c57c97ba13f7
Malware Config
Targets
-
-
Target
Dettagli di spedizione.exe
-
Size
743KB
-
MD5
4e6c88000d39ba9b2970a38c06ad8954
-
SHA1
a445842a0c65c55517f0573f1b3acd0e5bfa6632
-
SHA256
5b56965b3b01283c8ac5277021645a8c85c366e39c200d8bcb6869750dfc3100
-
SHA512
1a6ddc38932fa2dd2f0d5bd64db2808331153f83b080b75f0c7b63311f10e5da009859034bc1ec5f2c737326bae6c66e3f510c4fa1d7e476a7e9c76acf39546f
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-