General

  • Target

    02fc82a18398f81deaee007c20d90e0e3c9722b30d2698f90e796023fc5e1740

  • Size

    520KB

  • Sample

    220223-ave19sfgc5

  • MD5

    949f2fc9c985e3182200118a59dd0f49

  • SHA1

    b80935447e8ad0d9bc97b0362907fbbc3fb58fff

  • SHA256

    02fc82a18398f81deaee007c20d90e0e3c9722b30d2698f90e796023fc5e1740

  • SHA512

    5863f812fe4900bbb17ecedc99fbd544c8d9212ac5f0cd362a3c0c6b873df4877af87ab8d0993e33c6a8f57d150868be7fd26bfa3fce1d4797cad3306d20c8a8

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    8903Sergey

Targets

    • Target

      02fc82a18398f81deaee007c20d90e0e3c9722b30d2698f90e796023fc5e1740

    • Size

      520KB

    • MD5

      949f2fc9c985e3182200118a59dd0f49

    • SHA1

      b80935447e8ad0d9bc97b0362907fbbc3fb58fff

    • SHA256

      02fc82a18398f81deaee007c20d90e0e3c9722b30d2698f90e796023fc5e1740

    • SHA512

      5863f812fe4900bbb17ecedc99fbd544c8d9212ac5f0cd362a3c0c6b873df4877af87ab8d0993e33c6a8f57d150868be7fd26bfa3fce1d4797cad3306d20c8a8

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks