General
-
Target
f8753727a9f2e1da0fd767056742795cd8ef421ae50acb67c34c879a8adde334
-
Size
1.2MB
-
Sample
221127-sm57labf4z
-
MD5
802e875ad94efb8973607d5331cdd95d
-
SHA1
0bea92a51fb96433a9831e4159c4f5c13bac055d
-
SHA256
f8753727a9f2e1da0fd767056742795cd8ef421ae50acb67c34c879a8adde334
-
SHA512
dfbed5ed38aef42baeee3383746aed145ac4839b6ceff946bf6d059ed2aa5ac1f40fcf57e6f95c30f76c0cb2005b63590ee44d0fb01a3fdca22382c1219baeb7
-
SSDEEP
24576:ATh1eoiO36rGtmc6w05LR743Hhq1hZhaaa0gbg6GX+IA71r8NJi9E3NNCtja8:2h19iv8TB+WRqRh7NIgXXExr8NJLN8te
Malware Config
Targets
-
-
Target
f8753727a9f2e1da0fd767056742795cd8ef421ae50acb67c34c879a8adde334
-
Size
1.2MB
-
MD5
802e875ad94efb8973607d5331cdd95d
-
SHA1
0bea92a51fb96433a9831e4159c4f5c13bac055d
-
SHA256
f8753727a9f2e1da0fd767056742795cd8ef421ae50acb67c34c879a8adde334
-
SHA512
dfbed5ed38aef42baeee3383746aed145ac4839b6ceff946bf6d059ed2aa5ac1f40fcf57e6f95c30f76c0cb2005b63590ee44d0fb01a3fdca22382c1219baeb7
-
SSDEEP
24576:ATh1eoiO36rGtmc6w05LR743Hhq1hZhaaa0gbg6GX+IA71r8NJi9E3NNCtja8:2h19iv8TB+WRqRh7NIgXXExr8NJLN8te
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
UAC bypass
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-