General
-
Target
93cd49a19e2af2f943b29467bdc0de7b90652f67ed08e997a575f19977d71882
-
Size
1.5MB
-
Sample
230129-xz5h2saf23
-
MD5
56980ef22b795ae8f5facc318fc66b7d
-
SHA1
671a18398ccf822f05970257ec708711ced70130
-
SHA256
93cd49a19e2af2f943b29467bdc0de7b90652f67ed08e997a575f19977d71882
-
SHA512
c0ff21db3c83589f391659b1e716a6795755095ccdae03b93791cdc3e5b22bff3d7257cbe289bbc276b767a78da460c6cb51d3c151944ad1444ef239b379dba4
-
SSDEEP
49152:Sh+ZkldoPK8Yad9HTczH/DpFy30cDfgqHn:L2cPK81O/1sl
Malware Config
Targets
-
-
Target
93cd49a19e2af2f943b29467bdc0de7b90652f67ed08e997a575f19977d71882
-
Size
1.5MB
-
MD5
56980ef22b795ae8f5facc318fc66b7d
-
SHA1
671a18398ccf822f05970257ec708711ced70130
-
SHA256
93cd49a19e2af2f943b29467bdc0de7b90652f67ed08e997a575f19977d71882
-
SHA512
c0ff21db3c83589f391659b1e716a6795755095ccdae03b93791cdc3e5b22bff3d7257cbe289bbc276b767a78da460c6cb51d3c151944ad1444ef239b379dba4
-
SSDEEP
49152:Sh+ZkldoPK8Yad9HTczH/DpFy30cDfgqHn:L2cPK81O/1sl
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-