General
-
Target
1c991ad9e6a09ebde65d749f78a4a73890bf26780891410ca8a07b1dab841ab9
-
Size
1.0MB
-
Sample
221126-sl63hada29
-
MD5
acd430684ecc9c6278874183ca40a133
-
SHA1
b7fa9d0383a64e5a3c18a66fa3ef4d349d60fbb2
-
SHA256
1c991ad9e6a09ebde65d749f78a4a73890bf26780891410ca8a07b1dab841ab9
-
SHA512
301ab23e0989cdd42418d1a5f215ced23a54437d15d8fb6adbaf25edebdbca5ead5ce30a19b5eddba7c63ed07007d946050b830d6c293384d096de718b5c6d8c
-
SSDEEP
12288:Xu460DZby5vzCrdIxM0VVaCWg5ctGnw1uia4goH71NvQZoXYE/WRs4haBVtL8skS:e460EzVMoaXgFw0ia4goHRos4olL8VO
Malware Config
Targets
-
-
Target
1c991ad9e6a09ebde65d749f78a4a73890bf26780891410ca8a07b1dab841ab9
-
Size
1.0MB
-
MD5
acd430684ecc9c6278874183ca40a133
-
SHA1
b7fa9d0383a64e5a3c18a66fa3ef4d349d60fbb2
-
SHA256
1c991ad9e6a09ebde65d749f78a4a73890bf26780891410ca8a07b1dab841ab9
-
SHA512
301ab23e0989cdd42418d1a5f215ced23a54437d15d8fb6adbaf25edebdbca5ead5ce30a19b5eddba7c63ed07007d946050b830d6c293384d096de718b5c6d8c
-
SSDEEP
12288:Xu460DZby5vzCrdIxM0VVaCWg5ctGnw1uia4goH71NvQZoXYE/WRs4haBVtL8skS:e460EzVMoaXgFw0ia4goHRos4olL8VO
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-