General
-
Target
e1945430dceed606ba3a8cff1a38fced69ed4a9ff1eaecbd6b8b1ebc7c918b76
-
Size
452KB
-
Sample
221123-s4lvaaga8t
-
MD5
d77f2ec9e85a152b9c0bbce2f9e4355c
-
SHA1
c9a0017ce1cb6570000407894587f9a28162e71e
-
SHA256
e1945430dceed606ba3a8cff1a38fced69ed4a9ff1eaecbd6b8b1ebc7c918b76
-
SHA512
5e3b00ec62ec6afda5c4596bd8f5175af28d2ae7d64a7ae20bd50899fec4c965c7ba8b91a0b4e6fb93ef09cedc7f9398e7659f013d1c8cb783330799dd7949e6
-
SSDEEP
12288:pWVfQmlsMiOaRBaw8zhYkeCzIZMeQYbVd:EVfWMoNk3kZPbv
Malware Config
Targets
-
-
Target
e1945430dceed606ba3a8cff1a38fced69ed4a9ff1eaecbd6b8b1ebc7c918b76
-
Size
452KB
-
MD5
d77f2ec9e85a152b9c0bbce2f9e4355c
-
SHA1
c9a0017ce1cb6570000407894587f9a28162e71e
-
SHA256
e1945430dceed606ba3a8cff1a38fced69ed4a9ff1eaecbd6b8b1ebc7c918b76
-
SHA512
5e3b00ec62ec6afda5c4596bd8f5175af28d2ae7d64a7ae20bd50899fec4c965c7ba8b91a0b4e6fb93ef09cedc7f9398e7659f013d1c8cb783330799dd7949e6
-
SSDEEP
12288:pWVfQmlsMiOaRBaw8zhYkeCzIZMeQYbVd:EVfWMoNk3kZPbv
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-