Extracted

• • Target

    83d3b8fb46c4e3ac63df6d960cf6aa7c7aaff1843ffe5cfe2c4f7db98bbce3efN.exe

  • Size

    520KB

  • MD5

    af60426a0eb85c182631934af8ef9c40

  • SHA1

    3da4dfb63f2f3a4e5094e4b7cd17bee1f4b0d1f2

  • SHA256

    83d3b8fb46c4e3ac63df6d960cf6aa7c7aaff1843ffe5cfe2c4f7db98bbce3ef

  • SHA512

    8685100a2da5bdfe9e7f2554b899aee12bdd826495872eb737e3093f7cd8bc2b99014a1f6389c2613a4483f7013c92e25608f3d3ec99e54a30f2a05a33f3ce1c

  • SSDEEP

    6144:4uXqDCZAbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9c:/ZAQtqB5urTIoYWBQk1E+VF9mOx99i

  Score

  10^/10

  hawkeyecollectiondiscoverykeyloggerspywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • Hawkeye family

    hawkeye

  • Detected Nirsoft tools

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2