General

  • Target: 1132098c70ecbd06d062328537cda18ac0b8a7c6124ede875bac1bd31d521ec8
  • Size: 520KB
  • Sample: 220222-w1h6rscbe2
  • MD5: 73a808e8b6f31620e4ae17f60e707900
  • SHA1: 192bfeb175f9acd985357b7c15824e188975038e
  • SHA256: 1132098c70ecbd06d062328537cda18ac0b8a7c6124ede875bac1bd31d521ec8
  • SHA512: 5827bfbeb9fa2e617ec5a8afc54a3fca19212fae94be0e16154057be71275f149f5eda17ba2eb65598f26d20f28f70555e81ea82a46676c67bfe7bb824c45418

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.vivaldi.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Crosstown123

Targets

    • HawkEye: HawkEye is a malware kit that has seen continuous development since at least 2013.
    • NirSoft MailPassView: Password recovery tool for various email clients.
    • NirSoft WebBrowserPassView: Password recovery tool for various web browsers.
    • Nirsoft
    • Uses the VBS compiler for execution
    • Accesses Microsoft Outlook accounts
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks