General

Target: cd32ecd3b674d4ea728ab1526f9f39886bdba30e5ebf2f7d1cb9f3a8395fd97a
Size: 524KB
Sample: 221123-ad3q1ahc5z
MD5: 7efa1b4a25f12c86a801af2fbc61011e
SHA1: 9e9c9a463a461045520792024dfcf27909587777
SHA256: cd32ecd3b674d4ea728ab1526f9f39886bdba30e5ebf2f7d1cb9f3a8395fd97a
SHA512: 86e99f6e3356c1a1dc7c55922e3ede76cc7aa7a9f16c5ae72c82145722d15a0a53dc7600c6a0c62537220b09a4633458ad353d80d77ec2bd5e898541383b33f5
SSDEEP: 6144:EPoU2J3SLwlmbG2odCHQr7tCw6/dj+ksNqizN4XW0KCTBtN6eTsjHhn+aDW:EQ3WwUbvodC+7Mw6l0cbTB6ysjP
Static task: static1

Behavioral task: behavioral1
  Sample: cd32ecd3b674d4ea728ab1526f9f39886bdba30e5ebf2f7d1cb9f3a8395fd97a.exe
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: cd32ecd3b674d4ea728ab1526f9f39886bdba30e5ebf2f7d1cb9f3a8395fd97a.exe
  Resource: win10v2004-20221111-en
Malware Config

Targets

Target: cd32ecd3b674d4ea728ab1526f9f39886bdba30e5ebf2f7d1cb9f3a8395fd97a
Size: 524KB
MD5: 7efa1b4a25f12c86a801af2fbc61011e
SHA1: 9e9c9a463a461045520792024dfcf27909587777
SHA256: cd32ecd3b674d4ea728ab1526f9f39886bdba30e5ebf2f7d1cb9f3a8395fd97a
SHA512: 86e99f6e3356c1a1dc7c55922e3ede76cc7aa7a9f16c5ae72c82145722d15a0a53dc7600c6a0c62537220b09a4633458ad353d80d77ec2bd5e898541383b33f5
SSDEEP: 6144:EPoU2J3SLwlmbG2odCHQr7tCw6/dj+ksNqizN4XW0KCTBtN6eTsjHhn+aDW:EQ3WwUbvodC+7Mw6l0cbTB6ysjP
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext