General
-
Target
d0dad8f66c443a86d9c863941d10166c0d512bc59f093eb3dd99ece3fc8aff4b
-
Size
2.1MB
-
Sample
221126-nnfwwabd46
-
MD5
3fdd44fca6e5b994734a575c7b7e5069
-
SHA1
2c6ff085c796a87b321696ce4192b9506e93b611
-
SHA256
d0dad8f66c443a86d9c863941d10166c0d512bc59f093eb3dd99ece3fc8aff4b
-
SHA512
ec96c9cedd99624d0c054494c916da1f228a3259dc3fde6e60b28d5d38a57769f5043ae8a94b5a4aacfabd2beae3e77beb828d837413a1bc51eaeaaadb953e04
-
SSDEEP
49152:kkwkn9IMHeaKP6vC4CS1oR72/nbI9pveshwaPCS:PdnVPCOe4bapvh1PC
Malware Config
Targets
-
-
Target
d0dad8f66c443a86d9c863941d10166c0d512bc59f093eb3dd99ece3fc8aff4b
-
Size
2.1MB
-
MD5
3fdd44fca6e5b994734a575c7b7e5069
-
SHA1
2c6ff085c796a87b321696ce4192b9506e93b611
-
SHA256
d0dad8f66c443a86d9c863941d10166c0d512bc59f093eb3dd99ece3fc8aff4b
-
SHA512
ec96c9cedd99624d0c054494c916da1f228a3259dc3fde6e60b28d5d38a57769f5043ae8a94b5a4aacfabd2beae3e77beb828d837413a1bc51eaeaaadb953e04
-
SSDEEP
49152:kkwkn9IMHeaKP6vC4CS1oR72/nbI9pveshwaPCS:PdnVPCOe4bapvh1PC
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-