General
-
Target
f963857e00c6adad3a43c223f47219f00a342622e6771eb7209903f0e3b0aa44
-
Size
520KB
-
Sample
221123-stchvscb83
-
MD5
7359a099f16c2e95c97a2475e82325d9
-
SHA1
fea7ccc14ea7b641965a8de64834ffbf2514fcc0
-
SHA256
f963857e00c6adad3a43c223f47219f00a342622e6771eb7209903f0e3b0aa44
-
SHA512
0d6ca32763a1814252bc73aeb96aa04b4f81993f671bd463160a6c844a898e773407d5c36f591b6d012a5c995faf231a9c8a796f1b4d65b6080da39f8c1ff572
-
SSDEEP
6144:sjXbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9n3I:oXQtqB5urTIoYWBQk1E+VF9mOx9Y
Malware Config
Targets
-
-
Target
f963857e00c6adad3a43c223f47219f00a342622e6771eb7209903f0e3b0aa44
-
Size
520KB
-
MD5
7359a099f16c2e95c97a2475e82325d9
-
SHA1
fea7ccc14ea7b641965a8de64834ffbf2514fcc0
-
SHA256
f963857e00c6adad3a43c223f47219f00a342622e6771eb7209903f0e3b0aa44
-
SHA512
0d6ca32763a1814252bc73aeb96aa04b4f81993f671bd463160a6c844a898e773407d5c36f591b6d012a5c995faf231a9c8a796f1b4d65b6080da39f8c1ff572
-
SSDEEP
6144:sjXbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9n3I:oXQtqB5urTIoYWBQk1E+VF9mOx9Y
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-