General
- Target: fbf7af11a6fc0d9b07ed52a225e44b77a6a6aa19fec83fee99ea3d0483c96d1eN.exe
- Size: 641KB
- Sample: 241216-safq6ssrgv
- MD5: 1bd125665d45e6cab681259a508cfeb0
- SHA1: bb4acbe58e144be89a55e88e6709a0dbb1b13895
- SHA256: fbf7af11a6fc0d9b07ed52a225e44b77a6a6aa19fec83fee99ea3d0483c96d1e
- SHA512: 2738370c1b91545b6fe35a4411ed339d44633f212ca9dde109282cfb06ca780c72a2641b7c30616314dde10f1e670cb12a2aba60f84068bc006f2487d3f373f3
- SSDEEP: 12288:8XKUqE0V7v1j5Qu3fhoYTcNVlVY5ugNUko:8XrS1ll5N357Ro
Static task: static1
Behavioral task: behavioral1
- Sample: fbf7af11a6fc0d9b07ed52a225e44b77a6a6aa19fec83fee99ea3d0483c96d1eN.exe
- Resource: win7-20241010-en
Malware Config
Targets
- Target: fbf7af11a6fc0d9b07ed52a225e44b77a6a6aa19fec83fee99ea3d0483c96d1eN.exe
- Size: 641KB
- MD5: 1bd125665d45e6cab681259a508cfeb0
- SHA1: bb4acbe58e144be89a55e88e6709a0dbb1b13895
- SHA256: fbf7af11a6fc0d9b07ed52a225e44b77a6a6aa19fec83fee99ea3d0483c96d1e
- SHA512: 2738370c1b91545b6fe35a4411ed339d44633f212ca9dde109282cfb06ca780c72a2641b7c30616314dde10f1e670cb12a2aba60f84068bc006f2487d3f373f3
- SSDEEP: 12288:8XKUqE0V7v1j5Qu3fhoYTcNVlVY5ugNUko:8XrS1ll5N357Ro
- Hawkeye family
- Detected Nirsoft tools: free utilities often used by attackers that can steal passwords, product keys, etc.
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext