General
-
Target
4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482
-
Size
556KB
-
Sample
220701-f6rgbsfgb4
-
MD5
e3638516b609eed8bfa8e5732e5eebba
-
SHA1
12c752d26dab93e1b10f81cca4c7bb5d45c7b654
-
SHA256
4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482
-
SHA512
ef60515898834800b2b281bb3484591125c4e5f91487dd8e5f1c2e07226d64cb0739448d9a53f68a3e42ab5498cf721e4e55b0702135657f5d9974158d746984
Malware Config
Targets
-
-
Target
4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482
-
Size
556KB
-
MD5
e3638516b609eed8bfa8e5732e5eebba
-
SHA1
12c752d26dab93e1b10f81cca4c7bb5d45c7b654
-
SHA256
4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482
-
SHA512
ef60515898834800b2b281bb3484591125c4e5f91487dd8e5f1c2e07226d64cb0739448d9a53f68a3e42ab5498cf721e4e55b0702135657f5d9974158d746984
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-