General
-
Target
b5116623b3eda02e08f24d54ea9b4b7a86e7aa8dcfebdded3f0c82edc6a6aee4
-
Size
540KB
-
Sample
221124-y7f14agc73
-
MD5
2821709759d193d03ff8806abf0df105
-
SHA1
61e0a88c2b4e16d36a0aa82c3f0429e3c556516d
-
SHA256
b5116623b3eda02e08f24d54ea9b4b7a86e7aa8dcfebdded3f0c82edc6a6aee4
-
SHA512
6b3d802d726e292777fadb54142ed17ed66dd0ba22c3f7a8622e03c1a2ac0a77c7e0e61818dff45f7d3c88155e2b67ae03c5efdab94ecfb96cc74e82a678a777
-
SSDEEP
6144:mu2GrLbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9RD2:FQtqB5urTIoYWBQk1E+VF9mOx9R1Q
Static task
static1
Behavioral task
behavioral1
Sample
b5116623b3eda02e08f24d54ea9b4b7a86e7aa8dcfebdded3f0c82edc6a6aee4.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
b5116623b3eda02e08f24d54ea9b4b7a86e7aa8dcfebdded3f0c82edc6a6aee4.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
b5116623b3eda02e08f24d54ea9b4b7a86e7aa8dcfebdded3f0c82edc6a6aee4
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-