General
-
Target
a6b8782fa479cb68fd3643ea41941de8d7fc5b1d01c30d5e52aa264110b89978
-
Size
988KB
-
Sample
221127-sqcpfsbg9y
-
MD5
43bce7d2d4566464370caaed1ddc3e8d
-
SHA1
d141faa5ec358cdf27d46abb00ab42b09d8b7561
-
SHA256
a6b8782fa479cb68fd3643ea41941de8d7fc5b1d01c30d5e52aa264110b89978
-
SHA512
99fac90d8c38faea3cb58e78814d24c60e42788b6159c94bd7f87ce026f0beccf4994a2accec4b04b2825067d37fd02c88e930ae49d5afc45e90771a9b64dff7
-
SSDEEP
24576:TIEd98/23P+JcpDNTRK/yr4+OCx9fr4WdH:cEdC/QWETKvEyWt
Malware Config
Targets
-
-
Target
a6b8782fa479cb68fd3643ea41941de8d7fc5b1d01c30d5e52aa264110b89978
-
Size
988KB
-
MD5
43bce7d2d4566464370caaed1ddc3e8d
-
SHA1
d141faa5ec358cdf27d46abb00ab42b09d8b7561
-
SHA256
a6b8782fa479cb68fd3643ea41941de8d7fc5b1d01c30d5e52aa264110b89978
-
SHA512
99fac90d8c38faea3cb58e78814d24c60e42788b6159c94bd7f87ce026f0beccf4994a2accec4b04b2825067d37fd02c88e930ae49d5afc45e90771a9b64dff7
-
SSDEEP
24576:TIEd98/23P+JcpDNTRK/yr4+OCx9fr4WdH:cEdC/QWETKvEyWt
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-