General
-
Target
18862474f14ce47d954e418c6af861da19deb8e366b27e1b79fac227576c82fe
-
Size
771KB
-
Sample
221126-kfnpzaeh44
-
MD5
b380b8758868d1eb80dc93daf7cbb77f
-
SHA1
86a2adc595cd5e3bd39a81162af3de1a28b91a75
-
SHA256
18862474f14ce47d954e418c6af861da19deb8e366b27e1b79fac227576c82fe
-
SHA512
f3455e26b82dc7a241dee753af99d28f2e82f2087d7014bae7812b25dbd414dfde3ca9ab024294394841d401b867a7652ad84bbe259ff59aa06a760d2ba2da4f
-
SSDEEP
12288:9SxgzBSgpfMM7bWRyK02xwzlddyou9GFFYW1N9ob1OuDSE+nTilSV2/Swqfb:9jzYgp1TFdwIFj1N2b1nSEresSwqj
Malware Config
Targets
-
-
Target
18862474f14ce47d954e418c6af861da19deb8e366b27e1b79fac227576c82fe
-
Size
771KB
-
MD5
b380b8758868d1eb80dc93daf7cbb77f
-
SHA1
86a2adc595cd5e3bd39a81162af3de1a28b91a75
-
SHA256
18862474f14ce47d954e418c6af861da19deb8e366b27e1b79fac227576c82fe
-
SHA512
f3455e26b82dc7a241dee753af99d28f2e82f2087d7014bae7812b25dbd414dfde3ca9ab024294394841d401b867a7652ad84bbe259ff59aa06a760d2ba2da4f
-
SSDEEP
12288:9SxgzBSgpfMM7bWRyK02xwzlddyou9GFFYW1N9ob1OuDSE+nTilSV2/Swqfb:9jzYgp1TFdwIFj1N2b1nSEresSwqj
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-