General
- Target: 32520b0cab62632a2377943757173c44452c2940d1a63aa8636ae4fd78b5c6cb
- Size: 1.1MB
- Sample: 221122-xrl2qshc81
- MD5: 10d287e199767a9cb43c94c85aad2567
- SHA1: efffb39548ad37d49184b80a339025aad2998805
- SHA256: 32520b0cab62632a2377943757173c44452c2940d1a63aa8636ae4fd78b5c6cb
- SHA512: 667f72f2e2c17cce915ce8860442b45d8fa87158d8b78b88dd620148cca7afbac721fc815afd76d2164d28c71d024eac1903e91e4ee0af87c9457f6e3dfaf162
- SSDEEP: 24576:/7/4TD8UsxKicnEsQfuijuBhE3NpEM4OEU8Bfj:jQTIUsVcEsQ3aEg5jB
Static task
- static1
Behavioral task
- behavioral1
- Sample: 32520b0cab62632a2377943757173c44452c2940d1a63aa8636ae4fd78b5c6cb.exe
- Resource: win7-20221111-en
Behavioral task
- behavioral2
- Sample: 32520b0cab62632a2377943757173c44452c2940d1a63aa8636ae4fd78b5c6cb.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: 32520b0cab62632a2377943757173c44452c2940d1a63aa8636ae4fd78b5c6cb (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies WinLogon for persistence
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext