General
-
Target
96df2e3f39f59c573c66f0c750b7aff440b6fbfc92bc1101407d91e6eb03ed88
-
Size
576KB
-
Sample
221001-282wqsbea7
-
MD5
7349759813699be272126c1752ea0900
-
SHA1
e7a9b949136999eca4b594fc23ef6a8dde3869ae
-
SHA256
96df2e3f39f59c573c66f0c750b7aff440b6fbfc92bc1101407d91e6eb03ed88
-
SHA512
5b2c92cb2e56d8372c7fc3f9a1ed647b8ed515be497b4207fa96ad505a402d9fd06158b8966ecb1fdbab02a1a822f3d9bb50ad11705c26097eae96c2776006eb
-
SSDEEP
6144:O+oNvG8I6c68UAjObTgNgoGcvUxlxQy4f/D3KOgjyFwMu+IIkOywhjhbvam9:OHU6+Kvxlx4X+jT3IPRhbvl9
Malware Config
Targets
-
-
Target
96df2e3f39f59c573c66f0c750b7aff440b6fbfc92bc1101407d91e6eb03ed88
-
Size
576KB
-
MD5
7349759813699be272126c1752ea0900
-
SHA1
e7a9b949136999eca4b594fc23ef6a8dde3869ae
-
SHA256
96df2e3f39f59c573c66f0c750b7aff440b6fbfc92bc1101407d91e6eb03ed88
-
SHA512
5b2c92cb2e56d8372c7fc3f9a1ed647b8ed515be497b4207fa96ad505a402d9fd06158b8966ecb1fdbab02a1a822f3d9bb50ad11705c26097eae96c2776006eb
-
SSDEEP
6144:O+oNvG8I6c68UAjObTgNgoGcvUxlxQy4f/D3KOgjyFwMu+IIkOywhjhbvam9:OHU6+Kvxlx4X+jT3IPRhbvl9
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-