General
-
Target
f0fcd122b6c9956f3a5a0a2636710f53d2127f400cdcbcfe61d877a8ecee50da
-
Size
380KB
-
Sample
221123-syy8esff61
-
MD5
0b0e74f1302114ddfb876db4226ddad9
-
SHA1
8b43877291c8ff9ad848efabfdced7860cf98bf0
-
SHA256
f0fcd122b6c9956f3a5a0a2636710f53d2127f400cdcbcfe61d877a8ecee50da
-
SHA512
b0d9898c8f6d4fdee33ac8d72aa32cfd5b525727d79154ca849aa550d6bb5617abf04f8d5466a2cd18aa0f2184bd5282dacab16edfdf8c92883c6478f9521386
-
SSDEEP
6144:zXuC3K3FeMFKaMj0PaWufEO9gTgz6QAS/PYCUM83ZON7LGMpE2VsqTUs7:zuSK3lAajufm66cPs+FLGMpyhs
Malware Config
Extracted
Protocol: ftp- Host:
31.170.167.246 - Port:
21 - Username:
u357185350 - Password:
Abc@123456
Targets
-
-
Target
f0fcd122b6c9956f3a5a0a2636710f53d2127f400cdcbcfe61d877a8ecee50da
-
Size
380KB
-
MD5
0b0e74f1302114ddfb876db4226ddad9
-
SHA1
8b43877291c8ff9ad848efabfdced7860cf98bf0
-
SHA256
f0fcd122b6c9956f3a5a0a2636710f53d2127f400cdcbcfe61d877a8ecee50da
-
SHA512
b0d9898c8f6d4fdee33ac8d72aa32cfd5b525727d79154ca849aa550d6bb5617abf04f8d5466a2cd18aa0f2184bd5282dacab16edfdf8c92883c6478f9521386
-
SSDEEP
6144:zXuC3K3FeMFKaMj0PaWufEO9gTgz6QAS/PYCUM83ZON7LGMpE2VsqTUs7:zuSK3lAajufm66cPs+FLGMpyhs
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-