Extracted

• • Target

    2a4785b0ab1e0bad922f38e44773dc4025f43f495272d989537c8306db87af0a

  • Size

    652KB

  • MD5

    5098e807f62041aaec768eb984bbc190

  • SHA1

    ad51c16fde92de08f548635a22e2bf0b21907b2a

  • SHA256

    2a4785b0ab1e0bad922f38e44773dc4025f43f495272d989537c8306db87af0a

  • SHA512

    3e8cb8177eb7bd788b348209a1db3903226d1e1b047e493d5bec432a508ece29bf9893fc7c8d0b6061d543fee65d98d5dec4cbbca69ff77cebf23aa651d57443

  • SSDEEP

    12288:rwIULLcMcF3JzeL3CJeEUTu608tHxrP3eghcwY7EubQz58TcXm:PUXcxF3JzezCJeEQuGtRb3eqkoCo

  Score

  10^/10

  hawkeyecollectionkeyloggerspywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2