General
-
Target
367185801872450b9b0c6abae46eaade63ffe4e6057acf05f55b015cca8b8843
-
Size
1.2MB
-
Sample
221128-p2ereadg45
-
MD5
4240c55183b1dfe2b08910668ef79e63
-
SHA1
3965f66974b696564a487c79ea2311d6a238b465
-
SHA256
367185801872450b9b0c6abae46eaade63ffe4e6057acf05f55b015cca8b8843
-
SHA512
eedbcdb306e73f660642fd36c0ed4ee7dc4bf771c9ce55190eba0b2378ccfaaa6907ba1e82c3605296fdd03a2de34a7cc7584321b2b43d4a8f177b023f6bf709
-
SSDEEP
24576:s4QGY5tdKnTEFxOHozGDtFP0GcuuyfFBHc1/FK8fo1HAg7U2K75Pvg:rXyZFxKXsGMmBHc19Jo1Hv9S
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
limbo015@yandex.ru - Password:
glorify101
Targets
-
-
Target
367185801872450b9b0c6abae46eaade63ffe4e6057acf05f55b015cca8b8843
-
Size
1.2MB
-
MD5
4240c55183b1dfe2b08910668ef79e63
-
SHA1
3965f66974b696564a487c79ea2311d6a238b465
-
SHA256
367185801872450b9b0c6abae46eaade63ffe4e6057acf05f55b015cca8b8843
-
SHA512
eedbcdb306e73f660642fd36c0ed4ee7dc4bf771c9ce55190eba0b2378ccfaaa6907ba1e82c3605296fdd03a2de34a7cc7584321b2b43d4a8f177b023f6bf709
-
SSDEEP
24576:s4QGY5tdKnTEFxOHozGDtFP0GcuuyfFBHc1/FK8fo1HAg7U2K75Pvg:rXyZFxKXsGMmBHc19Jo1Hv9S
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-