General
-
Target
a2cc926b7b025641b2d587ce686c510f914738dd8074afa406546fcc948854b7.zip
-
Size
3.4MB
-
Sample
240402-q7pn8sce22
-
MD5
7c10887bad1c680484a218732680d1f4
-
SHA1
a21f0514612df6de8dd4606428bd92fcebb2924e
-
SHA256
d75128655f8603b5802f6b18c46251539e17914fc805923556ab78e41cb53354
-
SHA512
d842d16be31a386881106059f130132b07c5f7ef5f3dc151825e45b261cd50a98cdb8be0913fb5832b7b405dea7fd28b816b7ad5a1ef1a1a8f3d1f5c98843692
-
SSDEEP
98304:iWfvTZIIArBwFdycAP6vOW/0rI8c0/ECC+v:iWH1PBy5zN/ECC+v
Malware Config
Targets
-
-
Target
Invoice.exe
-
Size
5.8MB
-
MD5
e0ad1b070ad9c0430f491d07c2708484
-
SHA1
f36de48706a23f38d7b3fa070d8948dbc9ac3491
-
SHA256
647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712
-
SHA512
d7bea99b6595f75c0a448d93f8a1394d93a23d88933d3d26ba4c141faa69f9d87a18cf0535cb9e0e3016ad9067ade5320fc0171e7bbe84a42989bfd2f6c25ef9
-
SSDEEP
98304:AuBV+GvjiaLzY5lk+Ar+fbleEfho0b6s0LSvIragO0fMvU/5Lf62LDY:AbGvPE5Ca183
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-