Resubmissions

14-01-2025 15:27  250114-sv5k2a1qey  10

14-01-2025 11:13  250114-nbnqysymbm  10

General

  • Target

    f114d709b795b49873dd822cbd118e9c4d784e4d72a0dee323f37f0c986af11b

  • Size

    836KB

  • Sample

    250114-nbnqysymbm

  • MD5

    8e7754c1df2733a415e19a7388bb68ab

  • SHA1

    3df59dc5f5ab84eab89eb3192872c014983106af

  • SHA256

    f114d709b795b49873dd822cbd118e9c4d784e4d72a0dee323f37f0c986af11b

  • SHA512

    4a8f7610b4338f87e079d214d842aa1f33815e652a2a2384247f8c7d26946be43945789c47f1b4cbef5194c63fbc0956947819844cd15b9cbb8d88762be9524e

  • SSDEEP

    24576:cDgCAW5kT4yzCS5u92emOOq88k8YeWSK7u:ugWLOuX1ndk5uY

Malware Config

Targets

    • Target

      f114d709b795b49873dd822cbd118e9c4d784e4d72a0dee323f37f0c986af11b

    • Size

      836KB

    • MD5

      8e7754c1df2733a415e19a7388bb68ab

    • SHA1

      3df59dc5f5ab84eab89eb3192872c014983106af

    • SHA256

      f114d709b795b49873dd822cbd118e9c4d784e4d72a0dee323f37f0c986af11b

    • SHA512

      4a8f7610b4338f87e079d214d842aa1f33815e652a2a2384247f8c7d26946be43945789c47f1b4cbef5194c63fbc0956947819844cd15b9cbb8d88762be9524e

    • SSDEEP

      24576:cDgCAW5kT4yzCS5u92emOOq88k8YeWSK7u:ugWLOuX1ndk5uY

    • HawkEye

      HawkEye is a commodity keylogger and credential-stealing kit that has seen continuous development since at least 2013.

    • Hawkeye family

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Uses the VBS compiler for execution

      vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework, is a signed Microsoft binary that HawkEye and similar loaders launch as a host process for injected code, so that the malicious payload runs under a trusted image name.

    • Accesses Microsoft Outlook accounts

      Reads stored Outlook profile and account settings, which can include saved mail credentials.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process, typically one created suspended and then overwritten with WriteProcessMemory, is the step that redirects execution to the injected code in process hollowing. Together with the vbc.exe launch above this indicates the payload is hollowed into vbc.exe.
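Two of the signatures above, the suspended vbc.exe launch followed by SetThreadContext and the external IP lookup, can be re-checked from a sandbox API-call trace. The following Python is an added example, not part of this report or the sandbox's own rule set: it assumes a JSON-lines trace in which each call carries the calling pid, the API name and a few resolved arguments (the field names child_pid, target_pid, flags, image and url are assumptions), and both the sample trace and the list of IP-lookup hosts are constructed for illustration.

```python
"""Re-check two report signatures against a sandbox API-call trace.

Added example: the trace format, field names and host list are assumptions
made for illustration, not the sandbox's own rule engine or output format.
"""
import json
from collections import defaultdict
from urllib.parse import urlparse

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit in CreateProcess*

# Hosts used by many infostealers to learn the victim's public IP
# (illustrative list; grow it from your own proxy/DNS telemetry).
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "icanhazip.com",
    "ifconfig.me", "whatismyipaddress.com", "ip-api.com",
}

# Calls that, issued by the parent against a child it created suspended,
# complete the classic process-hollowing sequence.
HOLLOWING_STEPS = frozenset({"WriteProcessMemory", "SetThreadContext", "ResumeThread"})

# URL-bearing WinINet calls; assumed to be logged with a resolved "url" argument.
URL_APIS = {"InternetOpenUrlA", "InternetOpenUrlW"}


def parse_trace(text):
    """Parse a JSON-lines trace; each line is one API call with pid/api/args."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_hollowing(calls):
    """Return (parent_pid, child_pid, image_basename) for every process that was
    created suspended and then received WriteProcessMemory, SetThreadContext and
    ResumeThread from its creator. SetThreadContext alone is legitimate (debuggers,
    the CLR); it is the full chain on a suspended child that marks hollowing."""
    suspended = {}                 # child pid -> (parent pid, image basename)
    steps_seen = defaultdict(set)  # child pid -> hollowing calls observed so far
    hits = []
    for call in calls:
        api, args = call["api"], call.get("args", {})
        if api.startswith("CreateProcess") and args.get("flags", 0) & CREATE_SUSPENDED:
            image = args.get("image", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
            suspended[args["child_pid"]] = (call["pid"], image)
        elif api in HOLLOWING_STEPS:
            child = args.get("target_pid")
            if child in suspended and suspended[child][0] == call["pid"]:
                steps_seen[child].add(api)
                if steps_seen[child] == HOLLOWING_STEPS:
                    hits.append((call["pid"], child, suspended[child][1]))
                    suspended.pop(child)  # report each hollowed child once
    return hits


def detect_ip_lookup(calls):
    """Return (pid, host) for every URL fetch whose host is a public-IP lookup service."""
    hits = []
    for call in calls:
        if call["api"] in URL_APIS:
            host = (urlparse(call.get("args", {}).get("url", "")).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits.append((call["pid"], host))
    return hits


def triage(trace_text):
    """Run both checks and return the findings keyed by signature name."""
    calls = parse_trace(trace_text)
    return {
        "process_hollowing": detect_hollowing(calls),
        "external_ip_lookup": detect_ip_lookup(calls),
    }


# Constructed trace (not real sandbox output): a dropper hollows vbc.exe, and the
# hollowed child then asks checkip.dyndns.org for the victim's public IP.
# An unrelated notepad.exe launch and a normal HTTPS fetch are included as negatives.
SAMPLE_TRACE = r"""
{"pid": 1234, "api": "CreateProcessW", "args": {"image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", "flags": 4, "child_pid": 5678}}
{"pid": 1234, "api": "WriteProcessMemory", "args": {"target_pid": 5678, "size": 409600}}
{"pid": 1234, "api": "SetThreadContext", "args": {"target_pid": 5678}}
{"pid": 1234, "api": "ResumeThread", "args": {"target_pid": 5678}}
{"pid": 5678, "api": "InternetOpenUrlA", "args": {"url": "http://checkip.dyndns.org/"}}
{"pid": 9999, "api": "CreateProcessW", "args": {"image": "C:\\Windows\\notepad.exe", "flags": 0, "child_pid": 4321}}
{"pid": 9999, "api": "InternetOpenUrlA", "args": {"url": "https://www.microsoft.com/"}}
"""

if __name__ == "__main__":
    for name, findings in triage(SAMPLE_TRACE).items():
        print(f"{name}: {findings}")
```

The hollowing rule deliberately requires the whole WriteProcessMemory, SetThreadContext, ResumeThread chain from the creator of a suspended child rather than firing on SetThreadContext alone, which keeps debuggers and the .NET runtime out of the results; the IP-lookup rule matches on the parsed hostname so that path or port variations in the request do not evade it.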

MITRE ATT&CK Enterprise v15

Tasks