General
-
Target
24e2599bd25c744f0a93b08b53cb4403433b3ca029b441eacebb4009e9839888
-
Size
1.2MB
-
Sample
241123-zcpv7a1phj
-
MD5
dcc9fcd7e53d57952f0efc57960b3196
-
SHA1
7e20f798bb34ebc9726a097a9d8a9f058d818d5e
-
SHA256
24e2599bd25c744f0a93b08b53cb4403433b3ca029b441eacebb4009e9839888
-
SHA512
4a31a4809afa3287dcf5cc46f63aa707a6d09ce9ed41b0627ff328cd04297e8fb36ca1d7c34bb5b3fe192230ea6c9096f96176f4c7990002455fd5dfc5bba487
-
SSDEEP
24576:yhntGx9yVf41ob4s6ABttGZOATIZXTnR1l:2tGZ1oEEbG8xXjl
Malware Config
Extracted
Protocol: smtp- Host:
smtp.zoho.com - Port:
587 - Username:
[email protected] - Password:
Diego1986
Targets
-
-
Target
24e2599bd25c744f0a93b08b53cb4403433b3ca029b441eacebb4009e9839888
-
Size
1.2MB
-
MD5
dcc9fcd7e53d57952f0efc57960b3196
-
SHA1
7e20f798bb34ebc9726a097a9d8a9f058d818d5e
-
SHA256
24e2599bd25c744f0a93b08b53cb4403433b3ca029b441eacebb4009e9839888
-
SHA512
4a31a4809afa3287dcf5cc46f63aa707a6d09ce9ed41b0627ff328cd04297e8fb36ca1d7c34bb5b3fe192230ea6c9096f96176f4c7990002455fd5dfc5bba487
-
SSDEEP
24576:yhntGx9yVf41ob4s6ABttGZOATIZXTnR1l:2tGZ1oEEbG8xXjl
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Hawkeye family
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-