General
-
Target
77b2b3c5aba9047e063097d6a0e5efa617e539df5630404a81b4437cd7b0b727
-
Size
468KB
-
Sample
241231-3wsb7swkh1
-
MD5
6ccf841ca92807fe9f10db607f137e69
-
SHA1
3bc2018b7bb88980b99f1c6f0d8e6ef1392a1072
-
SHA256
77b2b3c5aba9047e063097d6a0e5efa617e539df5630404a81b4437cd7b0b727
-
SHA512
0be1c72156629eb95874fafce4928dd0deb2c17fc181efa1be3d8895985f9ecf972cb2af88f7a68ad8851b3c245b26f46701dcaf368f5aea81a882bbf2b5fc40
-
SSDEEP
12288:jQFHduFTvmOaeFE0+52UXcQJeR7M+tBkXHh:jQdE1NFE045M9ZAHh
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
gud12345678
Targets
-
-
Target
77b2b3c5aba9047e063097d6a0e5efa617e539df5630404a81b4437cd7b0b727
-
Size
468KB
-
MD5
6ccf841ca92807fe9f10db607f137e69
-
SHA1
3bc2018b7bb88980b99f1c6f0d8e6ef1392a1072
-
SHA256
77b2b3c5aba9047e063097d6a0e5efa617e539df5630404a81b4437cd7b0b727
-
SHA512
0be1c72156629eb95874fafce4928dd0deb2c17fc181efa1be3d8895985f9ecf972cb2af88f7a68ad8851b3c245b26f46701dcaf368f5aea81a882bbf2b5fc40
-
SSDEEP
12288:jQFHduFTvmOaeFE0+52UXcQJeR7M+tBkXHh:jQdE1NFE045M9ZAHh
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Hawkeye family
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-