General
-
Target
08d679d4b9a12137756cc9244bd6f017
-
Size
1.2MB
-
Sample
231224-v77bhaachk
-
MD5
08d679d4b9a12137756cc9244bd6f017
-
SHA1
580c29bc356057d76873c9c453ed466e1024b7f2
-
SHA256
047f33e6f83796d9fc056d7006a6e8ef69696d63eceb29fb1592bb13a62e79bf
-
SHA512
e6293a802a6f539be11df5f6d83ee113ad98d8e5566d59810a18359ff0756eabe2b10f4c8bbd1e17222aaf45400b8a89d33f0e5786418347dc5213b79d8d7116
-
SSDEEP
24576:1pMP/pBvygA8z+uhHJQNmR3X2rhK1+pSRs/N:1pMt3qu3H261Rs/N
Malware Config
Targets
-
-
Target
08d679d4b9a12137756cc9244bd6f017
-
Size
1.2MB
-
MD5
08d679d4b9a12137756cc9244bd6f017
-
SHA1
580c29bc356057d76873c9c453ed466e1024b7f2
-
SHA256
047f33e6f83796d9fc056d7006a6e8ef69696d63eceb29fb1592bb13a62e79bf
-
SHA512
e6293a802a6f539be11df5f6d83ee113ad98d8e5566d59810a18359ff0756eabe2b10f4c8bbd1e17222aaf45400b8a89d33f0e5786418347dc5213b79d8d7116
-
SSDEEP
24576:1pMP/pBvygA8z+uhHJQNmR3X2rhK1+pSRs/N:1pMt3qu3H261Rs/N
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-