Extracted

• • Target

    28fbf26d76059fb5f277eaae5b7f894b

  • Size

    644KB

  • MD5

    28fbf26d76059fb5f277eaae5b7f894b

  • SHA1

    8bf8f4ccadd44da372359a31598856e187dc5b1f

  • SHA256

    97b1a0a2a2f05f22c3f9ac4152e34ad4d629c577ea9425020d5f8ce204d583d0

  • SHA512

    2db87c5f04edbfee71575ca045dd96e694e75b0c84a7400e01ba429af44987052d7b7b694bdbc5ef808b917d1f39d6ab6f521b40d895e3c1d8da938450800660

  • SSDEEP

    12288:q0wKEpZHDQi7vhMgWMzU9l9fDWmSsLbpnHrM8DoiQQWpH3UMQ9fp6zgJGE0:1Ejki75MTSCaaLbpnQ/zpU9ozMa

  Score

  10^/10

  hawkeyecollectionkeyloggerspywarestealertrojanupx

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2