General

  • Target

    15ac6cc8b1490d0a439f8172b537f2b953a937eee53da136367c91b61aa4ab1e

  • Size

    521KB

  • Sample

    220222-tzdhsacbek

  • MD5

    b885a4a71af4f20f080b2974b91dda9c

  • SHA1

    cb9eab801c7227895f6cbdd5d4de21d3cfe651fb

  • SHA256

    15ac6cc8b1490d0a439f8172b537f2b953a937eee53da136367c91b61aa4ab1e

  • SHA512

    0d5e4c9e29b50f0b768ce1658ab3b3ea875176f78beb616fb0cd7729b196e878f6412ae99e807e5b705f89d1e84a1465b174531d7d0273ef2453154c60c09664

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.outlook.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    123nuri123

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
