General
Target: 097f77ec50371fba40bb061aac3e728b24562ffcdab2163e0235a52449008a1a.exe
Size: 808KB
Sample: 241125-31dplstjb1
MD5: df749218c5db179466998091620fb04a
SHA1: 2073109fdeed441acc983b7e44fece23612e26f8
SHA256: 097f77ec50371fba40bb061aac3e728b24562ffcdab2163e0235a52449008a1a
SHA512: 971dcf7c562cec552b18e83158cf2a7de16e1e0edf8ec122056133dddb1eb6995c53fea8476500c4dc044ffc485bed60abd9390f4300584fa2fa79639a29c544
SSDEEP: 24576:R9/qZcttE/5uG9OZmLt3jQSDc40FDGafChHpbH9g+:riZKt7G4ZRK0FDGaqi+
Static task: static1
Behavioral task: behavioral1
Sample: 097f77ec50371fba40bb061aac3e728b24562ffcdab2163e0235a52449008a1a.exe
Resource: win7-20241010-en
Malware Config
Targets
Target: 097f77ec50371fba40bb061aac3e728b24562ffcdab2163e0235a52449008a1a.exe
Hawkeye family
Detected Nirsoft tools: free utilities often used by attackers which can steal passwords, product keys, etc.
NirSoft MailPassView: password recovery tool for various email clients
NirSoft WebBrowserPassView: password recovery tool for various web browsers
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution: Command and Scripting Interpreter (1); Scheduled Task/Job (1): Scheduled Task (1)
Credential Access: Credentials from Password Stores (1): Credentials from Web Browsers (1); Unsecured Credentials (1): Credentials In Files (1)