General
-
Target
62e5f86d7df3d239abf531c4f14b5f6e486c34a866e80603b43aa925f8910f75
-
Size
884KB
-
Sample
221130-shs2gadf9t
-
MD5
202f882a46b4f95ef5b3c161fdb00f06
-
SHA1
162181178d2f5a3d453e70bf1a369eedd89f103c
-
SHA256
62e5f86d7df3d239abf531c4f14b5f6e486c34a866e80603b43aa925f8910f75
-
SHA512
efbd3a74b355a9c7b02a169fd950686a1dafa3e8db5122b6787a65118fe77452d3b3aadc1634ab7a71eb0aa444187694f6000365ab02cbb893c25c330584e80a
-
SSDEEP
12288:pYV6MorX7qzuC3QHO9FQVHPF51jgcgM751HzqhodTWjaX2IOXF3pWzEXVzJhCWQH:eBXu9HGaVHbHHWaXxQ1pWgZJAnRzl
Malware Config
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
ud@wirelord1990.pw - Password:
@Rocking11.
Targets
-
-
Target
62e5f86d7df3d239abf531c4f14b5f6e486c34a866e80603b43aa925f8910f75
-
Size
884KB
-
MD5
202f882a46b4f95ef5b3c161fdb00f06
-
SHA1
162181178d2f5a3d453e70bf1a369eedd89f103c
-
SHA256
62e5f86d7df3d239abf531c4f14b5f6e486c34a866e80603b43aa925f8910f75
-
SHA512
efbd3a74b355a9c7b02a169fd950686a1dafa3e8db5122b6787a65118fe77452d3b3aadc1634ab7a71eb0aa444187694f6000365ab02cbb893c25c330584e80a
-
SSDEEP
12288:pYV6MorX7qzuC3QHO9FQVHPF51jgcgM751HzqhodTWjaX2IOXF3pWzEXVzJhCWQH:eBXu9HGaVHbHHWaXxQ1pWgZJAnRzl
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops startup file
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-