General
-
Target
0bae1f5243ee21062dd56285454a0862516d7f22d7f9f6bd798c24baf048ee5c
-
Size
1.1MB
-
Sample
221126-aq52wsce9t
-
MD5
be77119e22610ed15c2c80807d895225
-
SHA1
c252c1dbe02adb8b327a319224e016181d023762
-
SHA256
0bae1f5243ee21062dd56285454a0862516d7f22d7f9f6bd798c24baf048ee5c
-
SHA512
716ee6b8cace20ca686a7ab82c25236504c633b0bb274ca75f590d25f6506b6bb4d5c54f7b1f09635208b04062981369303070e236f1b6618b897c2e3162e192
-
SSDEEP
24576:52LTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:ox6
Malware Config
Targets
-
-
Target
0bae1f5243ee21062dd56285454a0862516d7f22d7f9f6bd798c24baf048ee5c
-
Size
1.1MB
-
MD5
be77119e22610ed15c2c80807d895225
-
SHA1
c252c1dbe02adb8b327a319224e016181d023762
-
SHA256
0bae1f5243ee21062dd56285454a0862516d7f22d7f9f6bd798c24baf048ee5c
-
SHA512
716ee6b8cace20ca686a7ab82c25236504c633b0bb274ca75f590d25f6506b6bb4d5c54f7b1f09635208b04062981369303070e236f1b6618b897c2e3162e192
-
SSDEEP
24576:52LTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:ox6
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-