General
-
Target
b70e27589effbc110a943465f95d79ee73419c4dc3e0d191cb08175ebcf5c029
-
Size
502KB
-
Sample
221124-y36e7aga84
-
MD5
37b4e59d885b1497688c32871a13c592
-
SHA1
0deb2d0c55e654877b0e131687c05ae45dd71022
-
SHA256
b70e27589effbc110a943465f95d79ee73419c4dc3e0d191cb08175ebcf5c029
-
SHA512
a911394c2c5f75a7d7ce38edddfa5d640011dc883e9360a95be2faf746ba7094f12775f4a057a3ae97ce17d2947cdc4964db1ce63bd898a910f927e4971211f1
-
SSDEEP
6144:BrLbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9bH7:BrLQtqB5urTIoYWBQk1E+VF9mOx9X
Malware Config
Targets
-
-
Target
b70e27589effbc110a943465f95d79ee73419c4dc3e0d191cb08175ebcf5c029
-
Size
502KB
-
MD5
37b4e59d885b1497688c32871a13c592
-
SHA1
0deb2d0c55e654877b0e131687c05ae45dd71022
-
SHA256
b70e27589effbc110a943465f95d79ee73419c4dc3e0d191cb08175ebcf5c029
-
SHA512
a911394c2c5f75a7d7ce38edddfa5d640011dc883e9360a95be2faf746ba7094f12775f4a057a3ae97ce17d2947cdc4964db1ce63bd898a910f927e4971211f1
-
SSDEEP
6144:BrLbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9bH7:BrLQtqB5urTIoYWBQk1E+VF9mOx9X
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-