General
Target: 10986288171.zip
Size: 589KB
Sample: 230627-2kplhagf41
MD5: ceddae47f5cc18f850795f4406af29e5
SHA1: ed6e0a862e35e37f55946f4b14445ba92967e02e
SHA256: 48891caca25640d071292a4e4aa25ba295a3f2c0cc61eb2ea29574c991420461
SHA512: 62a7d45f83c125beda89077afd3fcd4cf324b00fd8cfb0fa283ee7d225d2ebb4dd38de8b5841b8d55658b4afffb804e8cb90563a2310d0c35b778a9aab81d5bf
SSDEEP: 12288:dfiEDAQFIXNBCpGaW5NUOEunpLjyfniI/P00mgT5Gl28rs:11AQFsBCpO2apLjAiV01Gl2V
Static task: static1
Behavioral task: behavioral1
Sample: e1aa6e8874d17d8568200df5ca741845430c07b115875c8f0f9872a1db10482d.exe
Resource: win7-20230621-en
Malware Config
Targets
Target: e1aa6e8874d17d8568200df5ca741845430c07b115875c8f0f9872a1db10482d
Size: 663KB
MD5: f0d69c291d513b01ec5a21f53d33b0ed
SHA1: d9613e6e1e19324bb5b020adbe17407a974364da
SHA256: e1aa6e8874d17d8568200df5ca741845430c07b115875c8f0f9872a1db10482d
SHA512: 7e520253083c451a242005f5dcc5fa76a04f7e3a1273a6884877a8473e01b3bb809617213a70aa8e48130e5ed9222f39a992a4ce68162c9b472ac6970e4fad04
SSDEEP: 12288:vvynoGCh0PqKzFXZHjA5kyL69JY6t59d8zH+jul:HIXXqeXZHjxyL69JvLqze

NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Drops desktop.ini file(s)
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext