General
Target: c84da41844f93cb56561c1190d9f9ddc1f5f732df4f7c9d7e8b1546bb93e3747
Size: 611KB
Sample: 221124-x4d7nagh8y
MD5: c50f5faa258a4ba17024d057656bd214
SHA1: 0ae4b56b611fc62ddfc461c6c4f469fd70d34575
SHA256: c84da41844f93cb56561c1190d9f9ddc1f5f732df4f7c9d7e8b1546bb93e3747
SHA512: 628f710a8545c10b9754eedcf5c37e9d7c51ec46fe9bf97caa6599d7d2de92ebe6ca36f7a1e50cbee00b209bae4aa542c3392ed67d74b5246ff0a7b574550663
SSDEEP: 12288:Ou8ZNQ0jQHf12pngbTZTu8wv+KjjALK32G6Pu:L6Ngd26tu8C+KjcL22
Static task: static1
Behavioral task: behavioral1
Sample: c84da41844f93cb56561c1190d9f9ddc1f5f732df4f7c9d7e8b1546bb93e3747.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: c84da41844f93cb56561c1190d9f9ddc1f5f732df4f7c9d7e8b1546bb93e3747.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: c84da41844f93cb56561c1190d9f9ddc1f5f732df4f7c9d7e8b1546bb93e3747
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext