Extracted

• • Target

    1f19a6fab04c32d87b4fe20c37440240_NeikiAnalytics.exe

  • Size

    1.9MB

  • MD5

    1f19a6fab04c32d87b4fe20c37440240

  • SHA1

    90a628a9487fa15bf1bad7e0323eb313da2cbad3

  • SHA256

    3e5405c230d014c8574873dca1c221e84296b176fee0922f411b0ea1c4c532b9

  • SHA512

    b882a9c61c573f72a60aaa360b951d5480adaf86b373274450536fec95cfb26d243f57a7f85545273a6f557c42ee3c296038c2192dc48a7913e606636f2c6a22

  • SSDEEP

    24576:Yu6Jx3O0c+JY5UZ+XC0kGso/Wahp64RlTKoxeQACVo7LhkiS6BWY:SI0c++OCvkGsUWaNY

  Score

  10^/10

  hawkeyecollectionkeyloggerspywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2