General
-
Target
fe9796810edd02dc48ca59656566ff71ea0d213fb14e458421de73b4f2735b8a
-
Size
543KB
-
Sample
221127-vchpnagc6x
-
MD5
ef561708df59c5437a6b08c50a08c39f
-
SHA1
92f9382db2f67bad81194f8b1314ca7981865eb7
-
SHA256
fe9796810edd02dc48ca59656566ff71ea0d213fb14e458421de73b4f2735b8a
-
SHA512
c0ab2fe412e27b900f1096c32413d3bfc76c6d0a7859cf8405c55d69edc6ad3e7e342dc48629d7e770abfadd4a64d86af507041a75a2a388c5b1e89ae2d476fd
-
SSDEEP
12288:1yz/JcqPnWjuOvlJSQGKT7bngnruX249+Tuoxj9GqJT/1P/fpw:1Sc7jpvfSzK7ngnrE27bj9Geln
Malware Config
Targets
-
-
Target
fe9796810edd02dc48ca59656566ff71ea0d213fb14e458421de73b4f2735b8a
-
Size
543KB
-
MD5
ef561708df59c5437a6b08c50a08c39f
-
SHA1
92f9382db2f67bad81194f8b1314ca7981865eb7
-
SHA256
fe9796810edd02dc48ca59656566ff71ea0d213fb14e458421de73b4f2735b8a
-
SHA512
c0ab2fe412e27b900f1096c32413d3bfc76c6d0a7859cf8405c55d69edc6ad3e7e342dc48629d7e770abfadd4a64d86af507041a75a2a388c5b1e89ae2d476fd
-
SSDEEP
12288:1yz/JcqPnWjuOvlJSQGKT7bngnruX249+Tuoxj9GqJT/1P/fpw:1Sc7jpvfSzK7ngnrE27bj9Geln
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-