General
-
Target
5c0982788147e5baaf956a522facb8c0b88c4608d5e199526f4125c43924d194
-
Size
1.1MB
-
Sample
221128-wecf4ahd7w
-
MD5
36d0c2908620bdfe773f4fc6e419aae8
-
SHA1
1a41c284bfc185f3bc49c57370d6712276de7559
-
SHA256
5c0982788147e5baaf956a522facb8c0b88c4608d5e199526f4125c43924d194
-
SHA512
ae75ec1f231780007f4596aadaf0e54193bdc4ed222d4dabaed0c8b595aebe4d4273cf93ae30d7af95cd2fa3f9e17ec155bc2e8a38844ab07ff428a75c0533d2
-
SSDEEP
24576:XkLTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:Ux6
Malware Config
Targets
-
-
Target
5c0982788147e5baaf956a522facb8c0b88c4608d5e199526f4125c43924d194
-
Size
1.1MB
-
MD5
36d0c2908620bdfe773f4fc6e419aae8
-
SHA1
1a41c284bfc185f3bc49c57370d6712276de7559
-
SHA256
5c0982788147e5baaf956a522facb8c0b88c4608d5e199526f4125c43924d194
-
SHA512
ae75ec1f231780007f4596aadaf0e54193bdc4ed222d4dabaed0c8b595aebe4d4273cf93ae30d7af95cd2fa3f9e17ec155bc2e8a38844ab07ff428a75c0533d2
-
SSDEEP
24576:XkLTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:Ux6
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-