General
-
Target
df791c8d0e2339ddd8abbd86510f863096205931c8fd5a619272bfee7ea80278
-
Size
380KB
-
Sample
221122-weyz4afd5t
-
MD5
a33065406e7f049998da710905f88c38
-
SHA1
0bb28cae918f33571758646414d5782e754fdb8d
-
SHA256
df791c8d0e2339ddd8abbd86510f863096205931c8fd5a619272bfee7ea80278
-
SHA512
932cdcc0ef9dc211a25954cd79aa0eefdb0df7ae878c7e5f0c757ce562c2f1ac729a9b8ac8bcc19b0b151c042aefedaa833d7141bd1b0435cac962b16e3f000a
-
SSDEEP
6144:b8f82Kuzq8owhb1hGc/yeG8PO9of6asAaF5jmUyeN3f+sMYpLIIvgJ92j0Agla2x:bA82Kujhxhf/HG8xhNqjm1Qf1jpjgJ7G
Malware Config
Targets
-
-
Target
df791c8d0e2339ddd8abbd86510f863096205931c8fd5a619272bfee7ea80278
-
Size
380KB
-
MD5
a33065406e7f049998da710905f88c38
-
SHA1
0bb28cae918f33571758646414d5782e754fdb8d
-
SHA256
df791c8d0e2339ddd8abbd86510f863096205931c8fd5a619272bfee7ea80278
-
SHA512
932cdcc0ef9dc211a25954cd79aa0eefdb0df7ae878c7e5f0c757ce562c2f1ac729a9b8ac8bcc19b0b151c042aefedaa833d7141bd1b0435cac962b16e3f000a
-
SSDEEP
6144:b8f82Kuzq8owhb1hGc/yeG8PO9of6asAaF5jmUyeN3f+sMYpLIIvgJ92j0Agla2x:bA82Kujhxhf/HG8xhNqjm1Qf1jpjgJ7G
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-