General
-
Target
d3978388adbaed6e67c168147d70d7ad7f0665ee6b419a22b7601306dab9b262
-
Size
1.3MB
-
Sample
221001-y5966aebc8
-
MD5
75089c47926d21a5b770f2bfef026240
-
SHA1
0c3f4409a1b7c0297715c2a529bf1f1062a081ee
-
SHA256
d3978388adbaed6e67c168147d70d7ad7f0665ee6b419a22b7601306dab9b262
-
SHA512
8419febe974479596ade7cb5e628183cfd2422e869b7e2aedffe9df32f31bc18750992f353e635530df60a64025acc11bb5a1277d3e2aad801c5121f1393a236
-
SSDEEP
24576:zRmJkcoQricOIQxiZY1iaBKKPlS1qi0kDhi3cwyIwsUTBrpLHzoEZmDS2U:AJZoQrbTFZY1iaBfPlS1qi0kDgsL39TL
Malware Config
Targets
-
-
Target
d3978388adbaed6e67c168147d70d7ad7f0665ee6b419a22b7601306dab9b262
-
Size
1.3MB
-
MD5
75089c47926d21a5b770f2bfef026240
-
SHA1
0c3f4409a1b7c0297715c2a529bf1f1062a081ee
-
SHA256
d3978388adbaed6e67c168147d70d7ad7f0665ee6b419a22b7601306dab9b262
-
SHA512
8419febe974479596ade7cb5e628183cfd2422e869b7e2aedffe9df32f31bc18750992f353e635530df60a64025acc11bb5a1277d3e2aad801c5121f1393a236
-
SSDEEP
24576:zRmJkcoQricOIQxiZY1iaBKKPlS1qi0kDhi3cwyIwsUTBrpLHzoEZmDS2U:AJZoQrbTFZY1iaBfPlS1qi0kDgsL39TL
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-