General
-
Target
68d7a694439928fc95a94e21bb6067842c849c4bcc16d5032009e381aa71011e
-
Size
482KB
-
Sample
221123-rd5n2agd39
-
MD5
e28fa154df6d2bb29c4db88f932be2b7
-
SHA1
9d19334885d749e718d7364cfd3319c783b635e1
-
SHA256
68d7a694439928fc95a94e21bb6067842c849c4bcc16d5032009e381aa71011e
-
SHA512
45a259bdd03ec1a49fdea5cb2c976a61ae6ac888e78da53cc6343745d1348b3c4bbdb81ce621ae44d8a5c71a4c68e1e635514b18e6e65483c40ce67be9a70892
-
SSDEEP
12288:6f5jAFxwagw/hZQ8gLJxTK+oxoNzNLA+Ninw8AK:6eJgw3Q8gLJxT3oxm5MCicK
Malware Config
Targets
-
-
Target
68d7a694439928fc95a94e21bb6067842c849c4bcc16d5032009e381aa71011e
-
Size
482KB
-
MD5
e28fa154df6d2bb29c4db88f932be2b7
-
SHA1
9d19334885d749e718d7364cfd3319c783b635e1
-
SHA256
68d7a694439928fc95a94e21bb6067842c849c4bcc16d5032009e381aa71011e
-
SHA512
45a259bdd03ec1a49fdea5cb2c976a61ae6ac888e78da53cc6343745d1348b3c4bbdb81ce621ae44d8a5c71a4c68e1e635514b18e6e65483c40ce67be9a70892
-
SSDEEP
12288:6f5jAFxwagw/hZQ8gLJxTK+oxoNzNLA+Ninw8AK:6eJgw3Q8gLJxT3oxm5MCicK
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-