Extracted

• • Target

    f533084c9a750561e5367cec2c76908debdfaaee05dd211903653d81047b3414

  • Size

    566KB

  • MD5

    ab610835f4360f1caad23202a39903af

  • SHA1

    e7d6efb9fca719b56b23c6db1ae46f94f30e22e0

  • SHA256

    f533084c9a750561e5367cec2c76908debdfaaee05dd211903653d81047b3414

  • SHA512

    3c06b63600b14d4903fa4f7d5bbeca495523cbc075adb2fcf2ca1e72d3e532bd4dda58b2d8c5297f415309807adc28752e8e01afb0f8e1dfe78b8325e6d5769c

  • SSDEEP

    6144:ArzbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9DjlDaq:AzQtqB5urTIoYWBQk1E+VF9mOx9dDN

  Score

  10^/10

  hawkeyecollectionkeyloggerspywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2