Extracted

• • Target

    5b43de5b0b668396408a8a16191a43edf6e1c93101b58c6771fbdf07bd3a049d

  • Size

    986KB

  • MD5

    92bab5a124f807821ce058b6c4b38930

  • SHA1

    8e86cd181ddc53f4c5686b6114fc95582fa5ef3f

  • SHA256

    5b43de5b0b668396408a8a16191a43edf6e1c93101b58c6771fbdf07bd3a049d

  • SHA512

    dc5a23760b5aa8c55c47e2cf9c1bf0d26b1347996b353531c004418b217b7cb8411639b6f7d326d3fb2a012cdb7deba9984ecc81f2aa004e6a89d08e9656e239

  • SSDEEP

    12288:o+4QRGw4W1xZ++u9YixSRsGFV4ljdw8h2qC0kDrlRL:BhRG/W1xZ+J9pSCM4lJslRL

  Score

  10^/10

  hawkeyecollectionkeyloggerpersistencespywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2