Extracted

• • Target

    409021962f521632561d4cb8b5ff2a1a

  • Size

    2.9MB

  • MD5

    409021962f521632561d4cb8b5ff2a1a

  • SHA1

    1ce4ef8554a104087c4c70ec9946e0156f7f6fda

  • SHA256

    c8f5eb62c605962a4705a52a75280589a8b26952613ad093289036b2ed404627

  • SHA512

    380cd71d27a17bb237841afc2f3d7ca6d87658b8a778f2d2b595910b79ad3268e51b0000493be9d4dc79fef5bd2902a3e95982d6a194d006c487171bd70ebc29

  • SSDEEP

    24576:gRmJkcoQricOIQxiZY1iamoEZ3dMo2+6mTY4E4yKTiFWH+zuwfsUNXzpdenr/gT4:VJZoQrbTFZY1iamf

  Score

  10^/10

  hawkeyecollectionkeyloggerspywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2