Extracted

• • Target

    coppy.exe

  • Size

    1.1MB

  • MD5

    57e39c48e784b3a979493e1945139cb7

  • SHA1

    3074d590c3ffdf65c0516cf18d816da9978cb321

  • SHA256

    5d5656bf50bf4d14a6b4129c7f3dfd9f446b98df3edeaf2d9036a77d49f52349

  • SHA512

    d816fe98485feade6f968acdf5be92f71c77a12aba089ada7451f30e22c8f0a16cafe77bfa7bf7cb94e8dff822bb5c675b9937eb53bab9957f91e9961ac0df56

  • SSDEEP

    24576:gVnc4FxHeu14NcBZODcHYZrq1MpGpPX6kUvZdEL:0nRFxHehNhDcRe+PavXEL

  Score

  10^/10

  hawkeyecollectionkeyloggerpersistencespywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2