General
-
Target
001be0786a35029834bdbf5188d2fd83caa9016350e392ca460a7e788b182dbc
-
Size
915KB
-
Sample
221127-bav3escd6z
-
MD5
1a672ee476056049570521cd58f72b79
-
SHA1
b4b419a68ee36faa54940790713a849997717add
-
SHA256
001be0786a35029834bdbf5188d2fd83caa9016350e392ca460a7e788b182dbc
-
SHA512
8f9afaf53dac4bc49789922b0ead34fa6e76756429ba78b772bf7d56c6473167f6692e5cb7eeeeefa8f4943f3c60a7bc1357745d97898fedc37830fe2a970881
-
SSDEEP
24576:OoCXypzdRv9KsMiPx/OC+LibunbwVCwatPY7qSmx:O9Un1zx/OXDn8VCrVY7i
Malware Config
Extracted
Protocol: smtp- Host:
smtp.mail.ru - Port:
587 - Username:
steve.wealth@mail.ru - Password:
general123
Targets
-
-
Target
001be0786a35029834bdbf5188d2fd83caa9016350e392ca460a7e788b182dbc
-
Size
915KB
-
MD5
1a672ee476056049570521cd58f72b79
-
SHA1
b4b419a68ee36faa54940790713a849997717add
-
SHA256
001be0786a35029834bdbf5188d2fd83caa9016350e392ca460a7e788b182dbc
-
SHA512
8f9afaf53dac4bc49789922b0ead34fa6e76756429ba78b772bf7d56c6473167f6692e5cb7eeeeefa8f4943f3c60a7bc1357745d97898fedc37830fe2a970881
-
SSDEEP
24576:OoCXypzdRv9KsMiPx/OC+LibunbwVCwatPY7qSmx:O9Un1zx/OXDn8VCrVY7i
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-