General
-
Target
7765f79c31ac9fb10bc37a24b769738c61d2f562b0758c3a0a4ebe176ae0d7de
-
Size
612KB
-
Sample
221128-ns3ansfb8x
-
MD5
22e87999f93e9368b2272cdd49cf49d7
-
SHA1
68addbfad46359c58eb68dad524db6294838e02a
-
SHA256
7765f79c31ac9fb10bc37a24b769738c61d2f562b0758c3a0a4ebe176ae0d7de
-
SHA512
4fff863181463b78b11523eda50ef67b80ae0964996fe4660db31fafa22f5a203551dbd15836534c3c426d2351ca6038a0d1eaeb1833b03c2ca9eefaff00e3e6
-
SSDEEP
12288:TMF/qkQz5Vj+OMR8HnTgLJuAliyJ5/wd8ln4R0tW1cPOVk:IFvS68HnTgL4yD/wzR0uc
Malware Config
Targets
-
-
Target
7765f79c31ac9fb10bc37a24b769738c61d2f562b0758c3a0a4ebe176ae0d7de
-
Size
612KB
-
MD5
22e87999f93e9368b2272cdd49cf49d7
-
SHA1
68addbfad46359c58eb68dad524db6294838e02a
-
SHA256
7765f79c31ac9fb10bc37a24b769738c61d2f562b0758c3a0a4ebe176ae0d7de
-
SHA512
4fff863181463b78b11523eda50ef67b80ae0964996fe4660db31fafa22f5a203551dbd15836534c3c426d2351ca6038a0d1eaeb1833b03c2ca9eefaff00e3e6
-
SSDEEP
12288:TMF/qkQz5Vj+OMR8HnTgLJuAliyJ5/wd8ln4R0tW1cPOVk:IFvS68HnTgL4yD/wzR0uc
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-