Extracted

• • Target

    a016c13d92b2950a5494db8916dd77ba

  • Size

    709KB

  • MD5

    a016c13d92b2950a5494db8916dd77ba

  • SHA1

    8113747da58ffaf3964850704eed9ae32eeed846

  • SHA256

    0614874d49a085d84f0a2a71f370dff23a9898ee64a190d6cade492e4b91643d

  • SHA512

    2fe6ec7044276bc6d1631db75edd14dd6f7f756a1240580b686b7f93328726b7f4553a47db0b7c36624f919f9a81e17eb99e73225f9ff085de252133325bec76

  • SSDEEP

    12288:hnSLWoo7Zhx72JkQZvvkFMuYrIFmmh6JiBaA6Pt83cCS:RSLWZj7PQ5LamgaHV8zS

  Score

  10^/10

  hawkeyecollectionkeyloggerspywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2