General
-
Target
4ad8a8ab92287106e19bb7e910b83c10912da964991b72e853562aabacb033ed
-
Size
643KB
-
Sample
221125-vwwqmacd23
-
MD5
20553eaee468685d1fa0a7f2cb2db74b
-
SHA1
b62e9c76f8aa351618eb2321eeeb1fd5ae14ace6
-
SHA256
4ad8a8ab92287106e19bb7e910b83c10912da964991b72e853562aabacb033ed
-
SHA512
352b0b3bfcd207a661b6886e1b2b9e902b4bb2d14c588fc70e387ecfc95b8094142f7404d1313f114554c24fb6b4e0ae351116cf50594ce49c042c0f171a2052
-
SSDEEP
12288:MBAcMVBAV4mfT/thn5D4XN0NzutaVlG4O+v270UN:PVVBABT/thn1mN0NzYgKt
Malware Config
Targets
-
-
Target
4ad8a8ab92287106e19bb7e910b83c10912da964991b72e853562aabacb033ed
-
Size
643KB
-
MD5
20553eaee468685d1fa0a7f2cb2db74b
-
SHA1
b62e9c76f8aa351618eb2321eeeb1fd5ae14ace6
-
SHA256
4ad8a8ab92287106e19bb7e910b83c10912da964991b72e853562aabacb033ed
-
SHA512
352b0b3bfcd207a661b6886e1b2b9e902b4bb2d14c588fc70e387ecfc95b8094142f7404d1313f114554c24fb6b4e0ae351116cf50594ce49c042c0f171a2052
-
SSDEEP
12288:MBAcMVBAV4mfT/thn5D4XN0NzutaVlG4O+v270UN:PVVBABT/thn1mN0NzYgKt
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-