General

  • Target

    8329f8176e926053fc9a4db2f9eb09aff6fec31c197e919ae26cb9501926c516

  • Size

    1.5MB

  • Sample

    201025-1tn8pwgx6n

  • MD5

    6283d7dedf246ce837a43b9843356cd4

  • SHA1

    f81c108eced16ff1f6b9b34037f14b248242ce34

  • SHA256

    8329f8176e926053fc9a4db2f9eb09aff6fec31c197e919ae26cb9501926c516

  • SHA512

    831f45b904b10454c5499c6b9888a9ea91ed632a1df15e9535661bcdd45c0365254dfae044cf6d1c2dc9d5fc39a533c139114b95e6b3d7abd712304968491d6c

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    173.237.185.61
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575ace

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Luminosity

      Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
