General
-
Target
41cacd0a1beb6dfefc7232166910ea87e447024361d26b03e1aba73df0b6f04f
-
Size
1.2MB
-
Sample
221128-pxvl3ade42
-
MD5
ceabbc90cd1582f1e9b6bebaea1684f1
-
SHA1
600f41cb2a056208e1bf928440643f617478912b
-
SHA256
41cacd0a1beb6dfefc7232166910ea87e447024361d26b03e1aba73df0b6f04f
-
SHA512
666487dd5204b3a467f23bc874604b7984472856a696795cbb68988c98781b16cf92b425619290aeb1ac4d520d25b22cf83718e54a73616a979ea6da39e78f95
-
SSDEEP
24576:E2a5a9gHSaExU8QGqpwI8qknngTkRuCdfKLtlsDbS4kfSgJ4VHa6:A5a9gHSNUjGqpN8HnttdifsDbS48SgJN
Malware Config
Targets
-
-
Target
41cacd0a1beb6dfefc7232166910ea87e447024361d26b03e1aba73df0b6f04f
-
Size
1.2MB
-
MD5
ceabbc90cd1582f1e9b6bebaea1684f1
-
SHA1
600f41cb2a056208e1bf928440643f617478912b
-
SHA256
41cacd0a1beb6dfefc7232166910ea87e447024361d26b03e1aba73df0b6f04f
-
SHA512
666487dd5204b3a467f23bc874604b7984472856a696795cbb68988c98781b16cf92b425619290aeb1ac4d520d25b22cf83718e54a73616a979ea6da39e78f95
-
SSDEEP
24576:E2a5a9gHSaExU8QGqpwI8qknngTkRuCdfKLtlsDbS4kfSgJ4VHa6:A5a9gHSNUjGqpN8HnttdifsDbS48SgJN
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-