General
-
Target
9b0f4414d5b5ee59307d7b2ab60eb8bb
-
Size
3.3MB
-
Sample
231219-znm6qscfa6
-
MD5
9b0f4414d5b5ee59307d7b2ab60eb8bb
-
SHA1
8cfe3bbfc4657ed842d527dcefce3b0e27fa62c3
-
SHA256
d5dcb2f47ea5932af830b535ac39453a6068f282886f9aa117f0f61dadbde148
-
SHA512
9e31ef946ccb2e00c56b4295fe9d5b7156adc5008358e3f1aad905013d1a77027fffd0671829772da015d6d8c22e17f5edd2510567288ae023bd2278be3924b6
-
SSDEEP
49152:vQdXxCkdjZE5BpeC/kimEZqa9aVLLkmRNT4rC/2PxI6JPEL0pgpUkQpCQPBImNx:o7kpe8kir9IL94rCSI7QpMUkQpCGBxNx
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
poploly11
Targets
-
-
Target
9b0f4414d5b5ee59307d7b2ab60eb8bb
-
Size
3.3MB
-
MD5
9b0f4414d5b5ee59307d7b2ab60eb8bb
-
SHA1
8cfe3bbfc4657ed842d527dcefce3b0e27fa62c3
-
SHA256
d5dcb2f47ea5932af830b535ac39453a6068f282886f9aa117f0f61dadbde148
-
SHA512
9e31ef946ccb2e00c56b4295fe9d5b7156adc5008358e3f1aad905013d1a77027fffd0671829772da015d6d8c22e17f5edd2510567288ae023bd2278be3924b6
-
SSDEEP
49152:vQdXxCkdjZE5BpeC/kimEZqa9aVLLkmRNT4rC/2PxI6JPEL0pgpUkQpCQPBImNx:o7kpe8kir9IL94rCSI7QpMUkQpCGBxNx
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-