General
-
Target
97f11470b826cf40d30fb777cf658114653691e5eaa237fa68c06c54dddc815c
-
Size
595KB
-
Sample
221126-qtlqesfh66
-
MD5
3c24d55d8ffb5df897c1bd8f9e0df713
-
SHA1
7d16da3ae8a1248fe66ecbceac439acbd87adcf3
-
SHA256
97f11470b826cf40d30fb777cf658114653691e5eaa237fa68c06c54dddc815c
-
SHA512
63d60c98af1f55fe1a20824ea232b85d1c034b520b4795e8e0272b2d75487360f57d23bfe948af418f0ff32dfa94fa9cdc18d1634b8c8bd3209c61a733e508ba
-
SSDEEP
12288:+b+Xl3dHIfW/8HUcVgH1n+k0lpp26lHN:+olN5kHUcVgYkcp4S
Malware Config
Extracted
Protocol: smtp- Host:
imabrinde.pt - Port:
587 - Username:
[email protected] - Password:
need4speed@
Targets
-
-
Target
97f11470b826cf40d30fb777cf658114653691e5eaa237fa68c06c54dddc815c
-
Size
595KB
-
MD5
3c24d55d8ffb5df897c1bd8f9e0df713
-
SHA1
7d16da3ae8a1248fe66ecbceac439acbd87adcf3
-
SHA256
97f11470b826cf40d30fb777cf658114653691e5eaa237fa68c06c54dddc815c
-
SHA512
63d60c98af1f55fe1a20824ea232b85d1c034b520b4795e8e0272b2d75487360f57d23bfe948af418f0ff32dfa94fa9cdc18d1634b8c8bd3209c61a733e508ba
-
SSDEEP
12288:+b+Xl3dHIfW/8HUcVgH1n+k0lpp26lHN:+olN5kHUcVgYkcp4S
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-