General
-
Target
PO 2010029_pdf Quotation from Alibaba Ale.exe
-
Size
1.0MB
-
Sample
210119-ct1yds4qbe
-
MD5
134bf4ddd2a72c5c396647f7037af0e1
-
SHA1
83407c5d075e7a8664bd50b1cfe6d82eb936342e
-
SHA256
76db811bca515b8c2f782394e24b4bbce6269211f6e8971b4897bdffd554303b
-
SHA512
e010172192c7a0ee2db793b01d0c90644df0aeda6a475598b42c6ce8abc67195c3a807d529cfa6755905fa1adcb25fc2eb80b4fcc7dab0d42380b81d5726c712
Malware Config
Extracted
Protocol: smtp- Host:
outback.websitewelcome.com - Port:
587 - Username:
schoolboy@legisevantzplaningtutoz.com - Password:
uDA9jC4eZmuj
Targets
-
-
Target
PO 2010029_pdf Quotation from Alibaba Ale.exe
-
Size
1.0MB
-
MD5
134bf4ddd2a72c5c396647f7037af0e1
-
SHA1
83407c5d075e7a8664bd50b1cfe6d82eb936342e
-
SHA256
76db811bca515b8c2f782394e24b4bbce6269211f6e8971b4897bdffd554303b
-
SHA512
e010172192c7a0ee2db793b01d0c90644df0aeda6a475598b42c6ce8abc67195c3a807d529cfa6755905fa1adcb25fc2eb80b4fcc7dab0d42380b81d5726c712
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-