Extracted

• • Target

    4bd7075cfacf1940c00cb60328ee20190a618d38023e2cb35a302a3903435b5d

  • Size

    744KB

  • MD5

    2a5c407e1e79a2291a6920a023eac0c3

  • SHA1

    7ac9bab12fd48ae21f59cdef5bb8e4fdb99f6f89

  • SHA256

    4bd7075cfacf1940c00cb60328ee20190a618d38023e2cb35a302a3903435b5d

  • SHA512

    5204916f50def7bcefebcb2dd33410e7af7ed952f64a3ad2da9cc495be85813d055692d3b469eb5094c0938ecc04d5f70bd9541e9ff824a76c3369661cbd6705

  • SSDEEP

    12288:8hvk3gqRvyIF0uR5vWPz6qQrKfDT3BwhmlI8Aq:gXOWL7zAq

  Score

  10^/10

  hawkeyecollectionkeyloggerspywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2