General

  • Target

    02908f22999d26348b352b505c17a88fcee5ccdc599d616fcb667a6afa99b42b

  • Size

    521KB

  • Sample

    220223-a2nxrafha9

  • MD5

    50fb186f2663f64a4b3181586f2eaed6

  • SHA1

    9a7057485882a894e9488aa21f8738f53de4f544

  • SHA256

    02908f22999d26348b352b505c17a88fcee5ccdc599d616fcb667a6afa99b42b

  • SHA512

    372cd9bf61951ab72790324f420d30cf8838578fbe19cddbba81acdbdc566fa12f6cb5eb603d35d0333b626b29e1124b1f05049f2f80ac9eb6fc9346e6207643

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.yahlabs.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    K#XTi1TB1^w%

Targets

    • Target

      02908f22999d26348b352b505c17a88fcee5ccdc599d616fcb667a6afa99b42b

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks