General
-
Target
cdb39fc581b72b36c079abec9e2bfefa9a03e5dc00589a5889406f0647b0901a
-
Size
205KB
-
Sample
221130-z3jf4aaa4x
-
MD5
7b0685897c65b060494c91b0b701fa71
-
SHA1
4f597320790d71cf000e4b03dcae8a11b6946410
-
SHA256
cdb39fc581b72b36c079abec9e2bfefa9a03e5dc00589a5889406f0647b0901a
-
SHA512
17e1e8821eec0c8aeb70551d833c0afc9805543997f98cd4430a254e2d51ca9b710a252fabc2d35beb4c338972955d4393e011f56dcf661f4526cce2796df197
-
SSDEEP
6144:WSIWTqzmgoJlS5Oz4BS9sqLFuV8hHaB+:Wi4mgoJlS5OsGQ8
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
bozoveleye@gmail.com - Password:
iyikalpli_3303
Targets
-
-
Target
cdb39fc581b72b36c079abec9e2bfefa9a03e5dc00589a5889406f0647b0901a
-
Size
205KB
-
MD5
7b0685897c65b060494c91b0b701fa71
-
SHA1
4f597320790d71cf000e4b03dcae8a11b6946410
-
SHA256
cdb39fc581b72b36c079abec9e2bfefa9a03e5dc00589a5889406f0647b0901a
-
SHA512
17e1e8821eec0c8aeb70551d833c0afc9805543997f98cd4430a254e2d51ca9b710a252fabc2d35beb4c338972955d4393e011f56dcf661f4526cce2796df197
-
SSDEEP
6144:WSIWTqzmgoJlS5Oz4BS9sqLFuV8hHaB+:Wi4mgoJlS5OsGQ8
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-