General
-
Target
f50b2f5af621d3488b72b25b80d656e9f7a111e76679f0afa0d4e36a99ccce09
-
Size
2.8MB
-
Sample
221124-lv7l3aeh79
-
MD5
31ea801722a01123197b6715411d0ec7
-
SHA1
677c6df7d4ab64bba5471a64de1613661ae71fa1
-
SHA256
f50b2f5af621d3488b72b25b80d656e9f7a111e76679f0afa0d4e36a99ccce09
-
SHA512
06de197d739a6f344bd30e595f2521017b6098d7163d91ba280c5d208d02c1fe48d02d3f3c8ff3315ede29338f137582582f7555670ce1157cdee0d0afdf6e3d
-
SSDEEP
49152:GkthCJW+30AeduWfFhEl200Ql8z8qQrgsm0nCxVi1eXh+t2Sd1FDIA0L1:GaoJh0XuWfFelt0QlUBQsBViURQ2anDI
Malware Config
Targets
-
-
Target
f50b2f5af621d3488b72b25b80d656e9f7a111e76679f0afa0d4e36a99ccce09
-
Size
2.8MB
-
MD5
31ea801722a01123197b6715411d0ec7
-
SHA1
677c6df7d4ab64bba5471a64de1613661ae71fa1
-
SHA256
f50b2f5af621d3488b72b25b80d656e9f7a111e76679f0afa0d4e36a99ccce09
-
SHA512
06de197d739a6f344bd30e595f2521017b6098d7163d91ba280c5d208d02c1fe48d02d3f3c8ff3315ede29338f137582582f7555670ce1157cdee0d0afdf6e3d
-
SSDEEP
49152:GkthCJW+30AeduWfFhEl200Ql8z8qQrgsm0nCxVi1eXh+t2Sd1FDIA0L1:GaoJh0XuWfFelt0QlUBQsBViURQ2anDI
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-