Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    ccb3b74d378733c21fc584875b5a8b07

  • SHA1

    6779b4d3cfff750eeeeba77ec7abf4e206cc3931

  • SHA256

    0b1fadc136b71d5961664a2a1dc8e340c28324d3d8637667f1280bee4c3d12db

  • SHA512

    ab0739b93d6db261cfb6a1ea0efc759eac6f883ba06dd2ca516bb9415a022215a1b35ccb5bac0c5b90d37878e509e0bb4da4645c312305b03a957b5bf61d2d58

  • SSDEEP

    49152:cpc6JirvEsh7B4/6LXhzmgvznCZzzg0zsYv:cp0rvdh7Sm1Pwzzg0zsY

  Score

  10^/10

  hawkeyecollectiondiscoverykeyloggerpersistencespywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • Detected Nirsoft tools

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2