General
Target: 647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.zip
Size: 3.8MB
Sample: 240402-q7nf6scd95
MD5: cc8d5c07bfaf3255b8f57d8306a7d1be
SHA1: eae7e416fb8262dea83138703c825899f900ee1e
SHA256: 61f954a1c4e16eb74c56fb3104bd3d835a298416a133988ad4900f4569aca8d5
SHA512: a40e42034f1b3095f0966976c9be7cba7ae0026315c737acde45c842675dded18ff963008e88e623476e8ed4f85ed11ea0ef5868e82757bf0ea10481514e89db
SSDEEP: 98304:G7A0mcJx8SRxaz5d+wZJqFgwOgwilTrJrzfPZcvT1:G3Jxj/aFU6JPilTrJrz3Z+p
Static task: static1
Behavioral task: behavioral1
Sample: 647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712.exe
Size: 5.8MB
MD5: e0ad1b070ad9c0430f491d07c2708484
SHA1: f36de48706a23f38d7b3fa070d8948dbc9ac3491
SHA256: 647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712
SHA512: d7bea99b6595f75c0a448d93f8a1394d93a23d88933d3d26ba4c141faa69f9d87a18cf0535cb9e0e3016ad9067ade5320fc0171e7bbe84a42989bfd2f6c25ef9
SSDEEP: 98304:AuBV+GvjiaLzY5lk+Ar+fbleEfho0b6s0LSvIragO0fMvU/5Lf62LDY:AbGvPE5Ca183
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext