General

  • Target

    0526201aa5028da43a2e3d8192c2d62c6953e4f940a631a6365099a22c934200

  • Size

    520KB

  • Sample

    220222-3nd5lsgfbj

  • MD5

    67776527840d82f76b5813cfaafec0be

  • SHA1

    e69ed79ab697be1fbd1452a000d7d95975cc8a2c

  • SHA256

    0526201aa5028da43a2e3d8192c2d62c6953e4f940a631a6365099a22c934200

  • SHA512

    44e96f99230f486420bb46093dac8e26974029bdd9fbeb7acce3338063547d449aedcdca793e03de13df2624a24ff4986d71233acbfebd7fbc39def754e0d974

Malware Config

Targets

    • Target

      0526201aa5028da43a2e3d8192c2d62c6953e4f940a631a6365099a22c934200 (520KB; MD5, SHA1 and SHA512 as listed under General above)

    • HawkEye

      HawkEye is a keylogger and information-stealing malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients. A legitimate NirSoft utility that HawkEye bundles to dump saved mail credentials.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers. A legitimate NirSoft utility that HawkEye bundles to dump saved browser credentials.

    • Nirsoft

      Generic tag: NirSoft password-recovery utilities detected in the sample. On their own these tools are not malicious; the tag matters in combination with the signatures below.

    • Uses the VBS compiler for execution

      The sample launches vbc.exe, the Visual Basic .NET command-line compiler shipped with the .NET Framework. A signed Microsoft binary started by a process that is not a build tool is a common host for injected code.

    • Accesses Microsoft Outlook accounts

      Reads stored Outlook account settings, the credential-recovery step performed by MailPassView.

    • Adds Run key to start application

      Persistence: writes a value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run so the application starts at logon.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. The hostname contacted is a useful network indicator only in combination with other findings, since these services are also used by benign software.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is the step that redirects execution in process hollowing and similar injection techniques; together with the vbc.exe launch it is consistent with the payload running inside vbc.exe.
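The signatures above are sandbox tags; to turn them into a host detection they have to be correlated along one process lineage, because a Run key write or an IP lookup on its own is routine. The following is an added example, not part of the report or of any sandbox tooling: it matches Sysmon-style events (Event IDs 1, 13 and 22) against three of the listed signatures and flags a process tree that hits several of them. The events, the Run-key path and the list of IP-lookup hostnames are constructed for illustration and are assumptions, not data from the report; SetThreadContext is not visible in these event types and is left out.

```python
"""Correlate Sysmon-style endpoint events against the sandbox signatures above.

Added example, not part of the sandbox report or of any Triage/HawkEye tooling.
Event fields mimic Sysmon Event IDs 1 (process create), 13 (registry value set)
and 22 (DNS query). The events, hostnames and Run-key path below are constructed
for illustration; the set of IP-lookup hosts is an assumption, not taken from the
report. SetThreadContext is not visible in these event types and is left out.
"""
import re
from collections import defaultdict

VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
DROPPER = r"C:\Users\victim\AppData\Local\Temp\invoice.exe"

# Constructed sample events (illustrative only, not from the report).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1204, "ParentProcessId": 988, "Image": DROPPER,
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "invoice.exe"},
    {"EventID": 1, "ProcessId": 1320, "ParentProcessId": 1204, "Image": VBC,
     "ParentImage": DROPPER, "CommandLine": "vbc.exe"},
    {"EventID": 13, "ProcessId": 1320, "Image": VBC,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\WindowsUpdate",
     "Details": r"C:\Users\victim\AppData\Roaming\WindowsUpdate.exe"},
    {"EventID": 22, "ProcessId": 1320, "Image": VBC,
     "QueryName": "checkip.dyndns.org"},
    {"EventID": 22, "ProcessId": 4411,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "www.mozilla.org"},
]

# Assumed list of legitimate external-IP lookup services (not from the report).
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com",
                   "whatismyipaddress.com", "ipinfo.io"}
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Parents for which a vbc.exe launch is expected and therefore not reported.
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "vbcscompiler.exe"}

SIG_VBC = "Uses the VBS compiler for execution"
SIG_RUN = "Adds Run key to start application"
SIG_IP = "Looks up external IP address via web service"


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def match_signatures(events):
    """Map each matched signature name to the set of pids that triggered it."""
    hits = defaultdict(set)
    for ev in events:
        pid = ev["ProcessId"]
        if ev["EventID"] == 1 and basename(ev["Image"]) == "vbc.exe" \
                and basename(ev["ParentImage"]) not in BUILD_PARENTS:
            hits[SIG_VBC].add(pid)
        elif ev["EventID"] == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            hits[SIG_RUN].add(pid)
        elif ev["EventID"] == 22 and ev["QueryName"].lower() in IP_LOOKUP_HOSTS:
            hits[SIG_IP].add(pid)
    return hits


def process_roots(events):
    """Map every pid seen in a process-create event to the root of its tree."""
    parent = {ev["ProcessId"]: ev["ParentProcessId"]
              for ev in events if ev["EventID"] == 1}

    def root(pid):
        # Walk up while the parent itself was created within the log window.
        while parent.get(pid) in parent:
            pid = parent[pid]
        return pid

    return {pid: root(pid) for pid in parent}


def correlate(events, threshold=2):
    """Group signature hits by process tree and return trees meeting the threshold.

    A single signature (a Run key, an IP lookup) is weak on its own; requiring
    several from one lineage is what turns the sandbox tags into a detection.
    """
    roots = process_roots(events)
    per_tree = defaultdict(set)
    for sig, pids in match_signatures(events).items():
        for pid in pids:
            per_tree[roots.get(pid, pid)].add(sig)
    return {r: sorted(sigs) for r, sigs in per_tree.items() if len(sigs) >= threshold}


if __name__ == "__main__":
    for root_pid, sigs in correlate(SAMPLE_EVENTS).items():
        print(f"process tree rooted at pid {root_pid}: {', '.join(sigs)}")
```

On the constructed events the dropper's tree (root pid 1204) collects all three signatures through its vbc.exe child, while the Firefox DNS query produces nothing. A vbc.exe launched by MSBuild is deliberately ignored, which is the kind of exclusion that keeps the rule usable on developer machines.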

MITRE ATT&CK Enterprise v6

Tasks