General
-
Target
e4ebab2236fe8ee61d700af17698b9b78a7b4a017fbbcc1c348ca5c43846ed00
-
Size
553KB
-
Sample
230129-r7gjasch7z
-
MD5
7377245e4800bddf4a04988972a7d0b4
-
SHA1
aff20a83a8638f57774c7035b01f16198e06e2fa
-
SHA256
e4ebab2236fe8ee61d700af17698b9b78a7b4a017fbbcc1c348ca5c43846ed00
-
SHA512
74eeb62a8b90d030125252312f52dd7f554f0c45d20191fbedb55e78a74149e4e2908aba72a4d41be7c85c3f9dffd924acdae9ceffa6f02055dcc8ae07a55408
-
SSDEEP
6144:ULuBqxStDbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnxb:1tDQtqB5urTIoYWBQk1E+VF9mOx9Uit
Malware Config
Extracted
Protocol: smtp- Host:
smtp.mail.ru - Port:
587 - Username:
awdawfav@mail.ru - Password:
Bopone4489
Targets
-
-
Target
e4ebab2236fe8ee61d700af17698b9b78a7b4a017fbbcc1c348ca5c43846ed00
-
Size
553KB
-
MD5
7377245e4800bddf4a04988972a7d0b4
-
SHA1
aff20a83a8638f57774c7035b01f16198e06e2fa
-
SHA256
e4ebab2236fe8ee61d700af17698b9b78a7b4a017fbbcc1c348ca5c43846ed00
-
SHA512
74eeb62a8b90d030125252312f52dd7f554f0c45d20191fbedb55e78a74149e4e2908aba72a4d41be7c85c3f9dffd924acdae9ceffa6f02055dcc8ae07a55408
-
SSDEEP
6144:ULuBqxStDbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnxb:1tDQtqB5urTIoYWBQk1E+VF9mOx9Uit
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-