General
-
Target
e7232b9dd98638844d94c9bcc75aa843df74bbc45ce7737f6376f9058900514e
-
Size
600KB
-
Sample
221124-v8l2ysaa39
-
MD5
fdd05b9f1aa34b6f20a0e40a6aac6572
-
SHA1
af224a4c88a07bd9bd31088ba5dc10cc13d12795
-
SHA256
e7232b9dd98638844d94c9bcc75aa843df74bbc45ce7737f6376f9058900514e
-
SHA512
e26e42083e4a342fe1d2bf25c3581dc09e82bb53c05bb774c5c47afa05d44a35f0e95e99a39666f5bc8edfd4a84b06c98dc574a92e71851501c87696b81d83e0
-
SSDEEP
12288:XIvthDKXrSVqkC9GHJXsmNtV9Px8BGvia8gG+hX6rB6ta:XAhDKXHgHJ8atV9PWa8gGWX6rBR
Static task
static1
Behavioral task
behavioral1
Sample
e7232b9dd98638844d94c9bcc75aa843df74bbc45ce7737f6376f9058900514e.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
e7232b9dd98638844d94c9bcc75aa843df74bbc45ce7737f6376f9058900514e.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
e7232b9dd98638844d94c9bcc75aa843df74bbc45ce7737f6376f9058900514e
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-