General
-
Target
a272f8b872077a8dd3183ba0f73e12fcbb8e1678b2391a507b9bb5b00d63ad4f
-
Size
964KB
-
Sample
221125-pm1ekagd43
-
MD5
5db57e74a261091007e57d3ad1e39d71
-
SHA1
290dfd12ba48ee395806bcc6e189583dacc24e1d
-
SHA256
a272f8b872077a8dd3183ba0f73e12fcbb8e1678b2391a507b9bb5b00d63ad4f
-
SHA512
e014ed21e9162f0d7ad1ed5a57279c528afdb742ceeede5dea1cfacf4f824bb23f97d7812aec12d45e7d5ed026e35d3cffa5f3657c42d3a08c6607c95ba5aabe
-
SSDEEP
12288:4PQ75XWMMrrwZa3tFwGfTjV5WVlf4IG/dbcZW1I0g7Kb2lrCLt/:4AX5MrMZMtFn/rW30h6W7g7KqO
Malware Config
Targets
-
-
Target
a272f8b872077a8dd3183ba0f73e12fcbb8e1678b2391a507b9bb5b00d63ad4f
-
Size
964KB
-
MD5
5db57e74a261091007e57d3ad1e39d71
-
SHA1
290dfd12ba48ee395806bcc6e189583dacc24e1d
-
SHA256
a272f8b872077a8dd3183ba0f73e12fcbb8e1678b2391a507b9bb5b00d63ad4f
-
SHA512
e014ed21e9162f0d7ad1ed5a57279c528afdb742ceeede5dea1cfacf4f824bb23f97d7812aec12d45e7d5ed026e35d3cffa5f3657c42d3a08c6607c95ba5aabe
-
SSDEEP
12288:4PQ75XWMMrrwZa3tFwGfTjV5WVlf4IG/dbcZW1I0g7Kb2lrCLt/:4AX5MrMZMtFn/rW30h6W7g7KqO
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-