General

  • Target

    18fd18ece6801f6226348a3ad0f838bbffec09e5740d939c29418e50fd371ed3

  • Size

    521KB

  • Sample

    220222-sbe62abcbm

  • MD5

    88197354c5f58f25c6b254eb548ba1be

  • SHA1

    794889cda449c3d7aaad0d23cde425a399a1c7c5

  • SHA256

    18fd18ece6801f6226348a3ad0f838bbffec09e5740d939c29418e50fd371ed3

  • SHA512

    b1e15ecbff52763d2b7a2954dc4de824f2b527cea6af7121ae015bedb27dba7ebb60609c8e205a43b13dba2f7f47155577cae3e077504eda47939aa5388ce515

Malware Config

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks