General
-
Target
8cc2f53bff5b28bd19b6216c2f025451851e35bf84aa00c16d0602af7f954a1e
-
Size
712KB
-
Sample
221123-qzy8psfc67
-
MD5
80fa4ff9b4ce3ab432e6b120ab5800d6
-
SHA1
dcbd6cfdf7d81089392ab74d87c87986bcaf1249
-
SHA256
8cc2f53bff5b28bd19b6216c2f025451851e35bf84aa00c16d0602af7f954a1e
-
SHA512
fcb515603fb9e102028e2bf3b15358874d89e8a9b4603197aba91a24852cb2f7c15dfe71ab5cfaf400e7d654bd89c7e927db063f52d8b55247a2cf67b7ffed38
-
SSDEEP
12288:CQtqB5urTIoYWBQk1E+VF9mOx99PP7r9r/+ppppppppppppppppppppppppppppd:CQtqBorTlYWBhE+V3mOVP1q
Malware Config
Targets
-
-
Target
8cc2f53bff5b28bd19b6216c2f025451851e35bf84aa00c16d0602af7f954a1e
-
Size
712KB
-
MD5
80fa4ff9b4ce3ab432e6b120ab5800d6
-
SHA1
dcbd6cfdf7d81089392ab74d87c87986bcaf1249
-
SHA256
8cc2f53bff5b28bd19b6216c2f025451851e35bf84aa00c16d0602af7f954a1e
-
SHA512
fcb515603fb9e102028e2bf3b15358874d89e8a9b4603197aba91a24852cb2f7c15dfe71ab5cfaf400e7d654bd89c7e927db063f52d8b55247a2cf67b7ffed38
-
SSDEEP
12288:CQtqB5urTIoYWBQk1E+VF9mOx99PP7r9r/+ppppppppppppppppppppppppppppd:CQtqBorTlYWBhE+V3mOVP1q
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-