General
- Target: 86d22fb92b826680dc0bd40f101f63ed60d31e97f0e5428e0fd288010d773e7c
- Size: 606KB
- Sample: 221123-lncs4sbg67
- MD5: 720d10b1cf1f0ffea760e4614547a371
- SHA1: a68f59f07bbacbd75e1951082bf2a66cc3936c9e
- SHA256: 86d22fb92b826680dc0bd40f101f63ed60d31e97f0e5428e0fd288010d773e7c
- SHA512: 2efe8967868821c934ce4bf2c55b486ad9f2942dbb2b4509938a6d6273b1a7d7d2644bcb93cbe63298669d257871fc2a38aecf33e73ac0849c58e3d9d7029019
- SSDEEP: 12288:lZ72G7ahUmH2fG+nW6ITjKdXix4ZQ/gyblukHCGrFp:n729UmH2++XIa12lbQYCGBp
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 86d22fb92b826680dc0bd40f101f63ed60d31e97f0e5428e0fd288010d773e7c.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: 86d22fb92b826680dc0bd40f101f63ed60d31e97f0e5428e0fd288010d773e7c.exe
  - Resource: win10v2004-20221111-en
Malware Config

Targets
- Target: 86d22fb92b826680dc0bd40f101f63ed60d31e97f0e5428e0fd288010d773e7c
- Size: 606KB
- MD5: 720d10b1cf1f0ffea760e4614547a371
- SHA1: a68f59f07bbacbd75e1951082bf2a66cc3936c9e
- SHA256: 86d22fb92b826680dc0bd40f101f63ed60d31e97f0e5428e0fd288010d773e7c
- SHA512: 2efe8967868821c934ce4bf2c55b486ad9f2942dbb2b4509938a6d6273b1a7d7d2644bcb93cbe63298669d257871fc2a38aecf33e73ac0849c58e3d9d7029019
- SSDEEP: 12288:lZ72G7ahUmH2fG+nW6ITjKdXix4ZQ/gyblukHCGrFp:n729UmH2++XIa12lbQYCGBp
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext