Overview

overview

10

Static

static

3

50acb0d9a9...bd.exe

windows7-x64

10

50acb0d9a9...bd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6f42a0a4f4c44c32c274c2383096d515.zip

  • Size

    729KB

  • Sample

    240901-nh7gmszclf

  • MD5

    8cf9ecbe3be3de9d2a95945f74d2bdb9

  • SHA1

    6fa523d8e491cc8738dfd931775e0f621678d3a4

  • SHA256

    91506ce6b6052875242687efede3b7014aad246956525a2a89cb58b882df070b

  • SHA512

    abc3fc4e028c8c5b615d4435b8a5c0671db30d6487da207f1c07b6c5a5306ebb15bed21b3e6f0e8876ff5023116261ae7c7f90ee9a9a2623be1ec85fbf9effdb

  • SSDEEP

    12288:qSfs1YSjhor4Mz5XdlIfQ3OKNeNQMt0milTHrbZzDKI3+QppuLNzLamMOcY5RjPi:qS+YSc3mSNeXolTHZz+t3gOHRjPYmzg

Score
10/10
hawkeyecollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      50acb0d9a9bc6cbca94b77ff490d5aff20c453b24c1fdd498a38a0878755d0bd

    • Size

      790KB

    • MD5

      6f42a0a4f4c44c32c274c2383096d515

    • SHA1

      dcef833539c48b66f83c80c7f349bbbb16a057cd

    • SHA256

      50acb0d9a9bc6cbca94b77ff490d5aff20c453b24c1fdd498a38a0878755d0bd

    • SHA512

      87d1b426d2cfbdd609f4d8b2a4bd09ba2afeb101307e3a4dcc8fa9fa9bd1f0498a3ce5bedf50e2fb92c838b0e9a44624ca4d72b5f539cc10245cfedca04b3312

    • SSDEEP

      12288:qUi2iN7WxGv2cEgBsSs4j9a1sEEWPPJK1i2RGPBaVj0FbJqzvH1i4QPuTfj+:qUi1SgPEg2j1HPBKnRq40EvHEvP4fj+

    Score
    10/10
    hawkeyecollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

      keyloggertrojanstealerspywarehawkeye

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks