General

Target: 7e0d670b972b3896f8cd49df075d5ecc8f46da71526af485e73da70cdd8810b4
Size: 871KB
Sample: 221123-t89btabc7x
MD5: 6859c0d074553797b2c13c2efb9fcd3f
SHA1: 69cc977bec873ca83696c2ebe57d5bb53878e7e6
SHA256: 7e0d670b972b3896f8cd49df075d5ecc8f46da71526af485e73da70cdd8810b4
SHA512: 9c77ec020ff8441edede2d5a4653fa8fb7e5e190911644a2fe20d4be747a44e00bb49cc2b3299bf493eb305778f533d2130ffacd69c93c947a5456f5c7e72fb4
SSDEEP: 12288:9JHKWU4Gg5Uwq792xTSEKs/nY13SgQP2DXDFPL0JheIVuakIKyliG0u:rKG3qdPmESpPSFPwJYauakIH+
Static task: static1
Behavioral task: behavioral1
Sample: 7e0d670b972b3896f8cd49df075d5ecc8f46da71526af485e73da70cdd8810b4.exe
Resource: win7-20220901-en
Malware Config

Targets

Target: 7e0d670b972b3896f8cd49df075d5ecc8f46da71526af485e73da70cdd8810b4
Size: 871KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.

Signatures matched for this target:

NirSoft WebBrowserPassView
    Password recovery tool for various web browsers. Family tag: Nirsoft.
Executes dropped EXE
Checks computer location settings
    Looks up the country code configured in the registry, most likely as a geofence check.
Deletes itself
Loads dropped DLL
Uses the VBS compiler for execution
Adds Run key to start application
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
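The behaviours listed above each correspond to a small, recognisable pattern in a sandbox API trace. The script below is an added example, not code from the report or from the sandbox that produced it: it replays a constructed trace (hypothetical pids, file paths and hostnames) against one rule per listed behaviour and reports which process triggered each. It assumes that "VBS compiler" refers to vbc.exe, the .NET Visual Basic command-line compiler commonly used as a hollowing target; that the country-code check reads HKCU\Control Panel\International\Geo\Nation; and that the set of IP-echo hostnames is a typical rather than exhaustive list. All three are assumptions, not facts from the report.

```python
r"""Replay a sandbox API trace against the behaviours this report lists.

Added example, not code from the report or from the sandbox that produced it.
The trace, pids, paths and hostnames are constructed for illustration.
Assumptions: "VBS compiler" means vbc.exe (the VB.NET compiler); the country
code check reads HKCU\Control Panel\International\Geo\Nation; the IP-echo
hostnames are a typical, not exhaustive, list.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed file paths used by the trace below.
SAMPLE = r"C:\Users\victim\Downloads\invoice.exe"
DROPPED_EXE = r"C:\Users\victim\AppData\Roaming\upd.exe"
DROPPED_DLL = r"C:\Users\victim\AppData\Roaming\helper.dll"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

# Constructed trace, one record per API call in time order. "pid" is the
# caller; CreateProcessW records also carry the child pid and its image.
TRACE = [
    {"pid": 900, "api": "CreateProcessW", "args": {"child_pid": 1200, "image": SAMPLE}},
    {"pid": 1200, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}},
    {"pid": 1200, "api": "WriteFile", "args": {"path": DROPPED_EXE}},
    {"pid": 1200, "api": "WriteFile", "args": {"path": DROPPED_DLL}},
    {"pid": 1200, "api": "LoadLibraryW", "args": {"path": DROPPED_DLL}},
    {"pid": 1200, "api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
              "value": "Updater", "data": DROPPED_EXE}},
    {"pid": 1200, "api": "CreateProcessW", "args": {"child_pid": 1300, "image": DROPPED_EXE}},
    {"pid": 1300, "api": "CreateProcessW",
     "args": {"child_pid": 1400, "image": VBC, "flags": ["CREATE_SUSPENDED"]}},
    {"pid": 1300, "api": "WriteProcessMemory", "args": {"target_pid": 1400}},
    {"pid": 1300, "api": "SetThreadContext", "args": {"target_pid": 1400}},
    {"pid": 1300, "api": "ResumeThread", "args": {"target_pid": 1400}},
    {"pid": 1400, "api": "InternetOpenUrlW", "args": {"url": "https://api.ipify.org/?format=json"}},
    {"pid": 1200, "api": "CreateProcessW",
     "args": {"child_pid": 1500, "image": r"C:\Windows\System32\cmd.exe",
              "cmdline": 'cmd.exe /c del "%s"' % SAMPLE}},
]

# Assumed list of public IP-echo services; any hit from a fresh sample is notable.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.amazonaws.com", "ifconfig.me"}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)


def hunt(trace):
    """Return {rule: [pids]} for each listed behaviour the trace exhibits."""
    hits = defaultdict(list)
    images = {}       # pid -> image path, learned from CreateProcessW
    suspended = {}    # child pid -> creator pid, for children created suspended
    written = set()   # lower-cased paths written by any traced process
    for rec in trace:
        pid, api, a = rec["pid"], rec["api"], rec["args"]
        own = images.get(pid, "").lower()
        if api == "CreateProcessW":
            child, image = a["child_pid"], a["image"]
            images[child] = image
            if image.lower() in written:
                hits["executes_dropped_exe"].append(pid)
            if "CREATE_SUSPENDED" in a.get("flags", []):
                suspended[child] = pid
            # Self-deletion delegated to a cmd.exe child: del <own image>.
            cmd = a.get("cmdline", "").lower()
            if own and re.search(r"\bdel\b", cmd) and own in cmd:
                hits["deletes_itself"].append(pid)
        elif api == "DeleteFileW" and own and a["path"].lower() == own:
            hits["deletes_itself"].append(pid)
        elif api == "WriteFile":
            written.add(a["path"].lower())
        elif api == "LoadLibraryW" and a["path"].lower() in written:
            hits["loads_dropped_dll"].append(pid)
        elif api == "RegQueryValueExW" and GEO_KEY.search(a["key"]) and a["value"] == "Nation":
            hits["checks_computer_location"].append(pid)
        elif api == "RegSetValueExW" and RUN_KEY.search(a["key"]):
            hits["adds_run_key"].append(pid)
        elif api == "SetThreadContext" and suspended.get(a["target_pid"]) == pid:
            # The caller created the target suspended and now rewrites its
            # thread context: the classic process-hollowing sequence.
            hits["suspicious_setthreadcontext"].append(pid)
            if images.get(a["target_pid"], "").lower().endswith("\\vbc.exe"):
                hits["uses_vbc_for_execution"].append(pid)
        elif api == "InternetOpenUrlW" and urlparse(a["url"]).hostname in IP_LOOKUP_HOSTS:
            hits["looks_up_external_ip"].append(pid)
    return dict(hits)


if __name__ == "__main__":
    for rule, pids in sorted(hunt(TRACE).items()):
        print(f"{rule:30s} pid(s) {pids}")
```

Two design points worth noting. The SetThreadContext rule deliberately fires only when the caller itself created the target in a suspended state, which keeps debuggers and legitimate thread-context users out of the results; WriteProcessMemory and ResumeThread are left in the trace to show where a stricter rule could also require them. The geofence rule needs API-level telemetry: endpoint sensors such as Sysmon record registry writes but not reads, so a registry query of the Geo key is visible in a sandbox trace but not in most host logs.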