General
Target: f4499928a6fee5d37fb711ed6d68708bf116cfc7f284d3295dd30ded7ecf64b2
Size: 738KB
Sample: 221126-kj1tpsaa6w
MD5: 760542bab9360dfcbcc22833f1e93169
SHA1: 3b7442c192462e7a0218fe62e7934d20d70fc25a
SHA256: f4499928a6fee5d37fb711ed6d68708bf116cfc7f284d3295dd30ded7ecf64b2
SHA512: 08b81ce78bb30ff8d2aec978eb4da11e21009ef47492366cfaef11ecd7d2a2099cc3ead4d9004e725a97b1db7271c5b0956f369a35696d21868813f1832cab33
SSDEEP: 12288:qTagPcvEBEFvBiyUf7xeQFCH2iE0h1vkkjhiy4/E+4UBDHzW6NqNAg5n1MMMMMMu:qrksbJfFeLHf13kuhFSE8zzEAY1MMMMS
Static task: static1
Behavioral task: behavioral1
Sample: f4499928a6fee5d37fb711ed6d68708bf116cfc7f284d3295dd30ded7ecf64b2.exe
Resource: win7-20220901-en
Malware Config
Targets
Target: f4499928a6fee5d37fb711ed6d68708bf116cfc7f284d3295dd30ded7ecf64b2
Size: 738KB
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext