Extracted

• • Target

    0a77eae3916dbed61916324dbfeefd337b89acc1613b65d3291923caac3955cb_1.exe

  • Size

    628KB

  • MD5

    63596f2392855aacd0ed6de194d2677c

  • SHA1

    6c8cf836c5715e21397894c9087b38a740163099

  • SHA256

    0a77eae3916dbed61916324dbfeefd337b89acc1613b65d3291923caac3955cb

  • SHA512

    7204def70b4c68ff229322cbb4c06e9a30a8718af58fdee1c96b2eba6a6fc07b35cbbb88dc00c847a0d7be2a5cd6709c93e73e81988b97907dc6848c66f792b7

  • SSDEEP

    12288:aYzypdcExuMNqEa/cbeZXBvmS5TVtXPJkHxym1CT3+JEpE:aYKcPl/VqqTVtXP+xp1y3Ck

  Score

  10^/10

  hawkeyecollectiondiscoverykeyloggerspywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • Hawkeye family

    hawkeye

  • Detected Nirsoft tools

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1