General
- Target: a3ad6380bb7ca56ce6b0198ccbee6d4782510dbcbb31681ced66387496081a3e
- Size: 550KB
- Sample: 221124-cngbvsah89
- MD5: 5a9fff2de2f9912b553c6d4d2eab3d66
- SHA1: e43bd2c688b48db645d37a598eeccf9c7570b99e
- SHA256: a3ad6380bb7ca56ce6b0198ccbee6d4782510dbcbb31681ced66387496081a3e
- SHA512: 9c99e8ecdd55738cb51d661e34f654d6e25293d92041da281327a3dd73b0c28b917e6fbed4164ab3f9195fd5e120f3be598f6395872db15fcb200a9c7897d7db
- SSDEEP: 12288:PBFZTK6hTEJmB5yC9TgIdwV1FqMd+f7eZX:PBFZu6h0mZpDK+f7e
Static task: static1
Behavioral task: behavioral1
- Sample: a3ad6380bb7ca56ce6b0198ccbee6d4782510dbcbb31681ced66387496081a3e.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: a3ad6380bb7ca56ce6b0198ccbee6d4782510dbcbb31681ced66387496081a3e.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: a3ad6380bb7ca56ce6b0198ccbee6d4782510dbcbb31681ced66387496081a3e (550KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Modifies WinLogon for persistence
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext