General
Target: 86027c44a51c67ce0f3daae952e316c42b154388b9b0f901cc52f129af1e25d6.exe
Size: 513KB
Sample: 250322-dwl3ra1kv7
MD5: c3427895ea6caf2f241b6d1be3919bf4
SHA1: ed3db70046a7e443f61c74e1394376aaecd7142f
SHA256: 86027c44a51c67ce0f3daae952e316c42b154388b9b0f901cc52f129af1e25d6
SHA512: 55186f958907b955ca140db0e7220ec52587956db9481f6aab53bbf12fa9d38f76b37f49843266b511bd5b15a89747db939cea07269101d9efc4f3a5a44c19cb
SSDEEP: 6144:HquHqIJUGbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnxj:3UGQtqB5urTIoYWBQk1E+VF9mOx9wi
Static task: static1
Malware Config
Targets
Target: 86027c44a51c67ce0f3daae952e316c42b154388b9b0f901cc52f129af1e25d6.exe
Size: 513KB
MD5: c3427895ea6caf2f241b6d1be3919bf4
SHA1: ed3db70046a7e443f61c74e1394376aaecd7142f
SHA256: 86027c44a51c67ce0f3daae952e316c42b154388b9b0f901cc52f129af1e25d6
SHA512: 55186f958907b955ca140db0e7220ec52587956db9481f6aab53bbf12fa9d38f76b37f49843266b511bd5b15a89747db939cea07269101d9efc4f3a5a44c19cb
SSDEEP: 6144:HquHqIJUGbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnxj:3UGQtqB5urTIoYWBQk1E+VF9mOx9wi
Signatures
- Hawkeye family
- Detected Nirsoft tools: free utilities often used by attackers that can steal passwords, product keys, etc.
  - NirSoft MailPassView: password recovery tool for various email clients
  - NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext