General
-
Target
231eb8d1c2f39452977edb07c49276b0dd9886178d16daee32a8a59dac8a8631.exe
-
Size
999KB
-
Sample
241202-1gqhystqaw
-
MD5
fc5828552d2036dc60430b21253b5e44
-
SHA1
737cf33db7761061bd0774ebbd8976445cb98df1
-
SHA256
231eb8d1c2f39452977edb07c49276b0dd9886178d16daee32a8a59dac8a8631
-
SHA512
9eb22f7ed932371a8a083399cd4dc48daebbddb6daa5f547d07049ac89261b660c25265586800ac1644d74234712b8b37478d1111b0e34c8092ce65bf2cb008f
-
SSDEEP
24576:ghyp66+rMAW4bzZJfkgmT6sGIcBRLYP64o:AypmA4bNJfkgm2sMBRLN4o
Malware Config
Targets
-
-
Target
231eb8d1c2f39452977edb07c49276b0dd9886178d16daee32a8a59dac8a8631.exe
-
Size
999KB
-
MD5
fc5828552d2036dc60430b21253b5e44
-
SHA1
737cf33db7761061bd0774ebbd8976445cb98df1
-
SHA256
231eb8d1c2f39452977edb07c49276b0dd9886178d16daee32a8a59dac8a8631
-
SHA512
9eb22f7ed932371a8a083399cd4dc48daebbddb6daa5f547d07049ac89261b660c25265586800ac1644d74234712b8b37478d1111b0e34c8092ce65bf2cb008f
-
SSDEEP
24576:ghyp66+rMAW4bzZJfkgmT6sGIcBRLYP64o:AypmA4bNJfkgm2sMBRLN4o
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Hawkeye family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-