General
-
Target
90f5a9256f9effd26cb7793b8e71a3c232d64ddac33c25bcf18fcb8ae4e84a04
-
Size
194KB
-
Sample
230129-2xe8lagc78
-
MD5
0b601c8e85e66b573c24d2ac6846a001
-
SHA1
80e90c3b91ac845e9c57df24f6de206bff0ba2b8
-
SHA256
90f5a9256f9effd26cb7793b8e71a3c232d64ddac33c25bcf18fcb8ae4e84a04
-
SHA512
305c1d46f620b7d94fb575ddd32dbe0a2527e198c49013c4ba4976bddda778f71fc03dfc916ce5cee015ea4b80bf38e397bd6b2c62fce944f3933bf26b976150
-
SSDEEP
3072:leoj6QTDgiEIDL5ntDnj/rlIudpB8gkgqXEoqGxTsiqX5G9:Y+hvg8DL5ntb7hBkgXoZxTsid
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
mastaex2@gmail.com - Password:
fh6113887
Targets
-
-
Target
90f5a9256f9effd26cb7793b8e71a3c232d64ddac33c25bcf18fcb8ae4e84a04
-
Size
194KB
-
MD5
0b601c8e85e66b573c24d2ac6846a001
-
SHA1
80e90c3b91ac845e9c57df24f6de206bff0ba2b8
-
SHA256
90f5a9256f9effd26cb7793b8e71a3c232d64ddac33c25bcf18fcb8ae4e84a04
-
SHA512
305c1d46f620b7d94fb575ddd32dbe0a2527e198c49013c4ba4976bddda778f71fc03dfc916ce5cee015ea4b80bf38e397bd6b2c62fce944f3933bf26b976150
-
SSDEEP
3072:leoj6QTDgiEIDL5ntDnj/rlIudpB8gkgqXEoqGxTsiqX5G9:Y+hvg8DL5ntb7hBkgXoZxTsid
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-