General

  • Target

    0f371c17a23b2d2ce7d515476798aa61418232c74d7412b07a8473cde26d3a7b

  • Size

    775KB

  • Sample

    220226-lnxhhsbfcn

  • MD5

    ab385c6275ab31c216f2e95a8b7d4fb8

  • SHA1

    6fe184a0d6a6e926fb4ac6fdbda9064dfc053611

  • SHA256

    0f371c17a23b2d2ce7d515476798aa61418232c74d7412b07a8473cde26d3a7b

  • SHA512

    17d9ab736598c6062bcbb60d4041029ad8779132b7f3a717812c1815f162968dd43b45cd69506051b523440cb5caea583947061ca78fa5444d43b60286606d1a

Malware Config

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks