General

  • Target

    e0dcfb7f37056df8298bd6656b8d40116727aed478f04fc8fd5bcc8532e54d01

  • Size

    388KB

  • Sample

    220308-bhme9aabe6

  • MD5

    590ee18dafe3c592016add9a1f5ea3e1

  • SHA1

    2d85ba5a4880d2a2970bb886d18aefc1ddfe199e

  • SHA256

    e0dcfb7f37056df8298bd6656b8d40116727aed478f04fc8fd5bcc8532e54d01

  • SHA512

    afd6c7032e6c9fb2d87f878ceb1a0549797dfe9c375e5db011a2ad032faa562119aebac84ab95b2b1b57c8ae1841ab13519a16a6c2c820b5f82191cf70823e8d
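Before relying on this report for a file you hold, recompute every digest it lists and compare them all; a file that matches on MD5 alone is not proof of identity. The following is an added example for this page, not tooling from the sandbox: the REPORT_HASHES values are copied from the report above, the file is hashed in one streaming pass with all four algorithms, and the verdict is true only when every digest agrees.

```python
"""Verify a local file against the digests this report lists for the sample.

Added example for this report, not sandbox tooling. REPORT_HASHES is copied
from the page; all four digests are recomputed in a single pass over the file
so a mismatch in any one of them (truncated download, wrong file) is caught."""
import hashlib
from typing import Dict, Iterable

REPORT_HASHES = {
    "md5": "590ee18dafe3c592016add9a1f5ea3e1",
    "sha1": "2d85ba5a4880d2a2970bb886d18aefc1ddfe199e",
    "sha256": "e0dcfb7f37056df8298bd6656b8d40116727aed478f04fc8fd5bcc8532e54d01",
    "sha512": "afd6c7032e6c9fb2d87f878ceb1a0549797dfe9c375e5db011a2ad032faa562119aebac84ab95b2b1b57c8ae1841ab13519a16a6c2c820b5f82191cf70823e8d",
}


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to one hasher per algorithm in REPORT_HASHES."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (tests, small blobs)."""
    return digest_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream the file so large samples are never loaded whole into memory."""
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def compare_digests(computed: Dict[str, str],
                    expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm match table; expected values are normalised to lowercase."""
    return {name: computed.get(name) == value.lower() for name, value in expected.items()}


def matches_report(computed: Dict[str, str],
                   expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only when every listed digest agrees; one mismatch means a different file."""
    return all(compare_digests(computed, expected).values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        table = compare_digests(digest_file(path))
        print(f"{path}: {'MATCH' if all(table.values()) else 'mismatch'} {table}")
```

Run it as `python check_hashes.py <file>`; the per-algorithm table tells you which digest disagreed, which is more useful than a bare yes/no when a vendor feed lists only one hash type.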

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    webber198@#

Targets

    • Target

      e0dcfb7f37056df8298bd6656b8d40116727aed478f04fc8fd5bcc8532e54d01

    • Size

      388KB

    • MD5

      590ee18dafe3c592016add9a1f5ea3e1

    • SHA1

      2d85ba5a4880d2a2970bb886d18aefc1ddfe199e

    • SHA256

      e0dcfb7f37056df8298bd6656b8d40116727aed478f04fc8fd5bcc8532e54d01

    • SHA512

      afd6c7032e6c9fb2d87f878ceb1a0549797dfe9c375e5db011a2ad032faa562119aebac84ab95b2b1b57c8ae1841ab13519a16a6c2c820b5f82191cf70823e8d

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Executes dropped EXE

    • Uses the VBS compiler for execution

      The sample launches the Visual Basic command-line compiler (vbc.exe) that ships with the .NET Framework. A signed compiler binary has no reason to start on an end-user workstation; it is a common host process for stealers that run their payload inside a legitimate, signed image.

    • Adds Run key to start application

      Persistence: a value under a ...\Windows\CurrentVersion\Run key relaunches the payload at every logon.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the step process-hollowing loaders use to redirect a suspended child to injected code. Together with the compiler process above, this is consistent with the payload running inside a legitimate host process rather than from the dropped file itself.
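Two of the behaviours above are network-visible and cheap to correlate: the external-IP lookup and the SMTP submission to the host in the extracted config (smtp.gmail.com:587). Either alone is normal traffic; the ordered pair from one host within a short window is a usable detection. The following is an added example, not output of the sandbox or part of the report: the log lines are constructed, the field names are assumed, and IP_LOOKUP_HOSTS is a guess at common echo services because the report does not name the one it observed.

```python
"""Correlate the two network behaviours this report lists for the sample: an
external-IP lookup via a web service followed by SMTP to smtp.gmail.com:587.

Added detection example, not sandbox output. Log lines are constructed, the
field names (ts, src, dst_name, dst_port) are assumed, and IP_LOOKUP_HOSTS is
an assumption: the report does not name the lookup service it observed."""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Assumption: common IP-echo services; extend from what your proxy logs show.
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "whatismyipaddress.com", "api.ipify.org", "icanhazip.com",
}
# Taken from the report's extracted SMTP configuration.
EXFIL_HOST, EXFIL_PORT = "smtp.gmail.com", 587

# Constructed sample: 10.0.0.7 is the infected host, 10.0.0.9 is an ordinary
# mail client, 10.0.0.12 does both things but 100 minutes apart.
SAMPLE_LOG = """\
{"ts": "2022-03-08T10:01:02Z", "src": "10.0.0.7", "dst_name": "whatismyipaddress.com", "dst_port": 80}
{"ts": "2022-03-08T10:01:05Z", "src": "10.0.0.7", "dst_name": "smtp.gmail.com", "dst_port": 587}
{"ts": "2022-03-08T10:03:00Z", "src": "10.0.0.9", "dst_name": "smtp.gmail.com", "dst_port": 587}
{"ts": "2022-03-08T11:20:00Z", "src": "10.0.0.12", "dst_name": "api.ipify.org", "dst_port": 443}
{"ts": "2022-03-08T13:00:00Z", "src": "10.0.0.12", "dst_name": "smtp.gmail.com", "dst_port": 587}
"""


def parse_events(text: str) -> List[Dict]:
    """One JSON object per line; ts becomes a timezone-aware datetime, sorted ascending."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_exfil_sequence(events: List[Dict],
                          window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """Alert when a source contacts an IP-echo service and then, within `window`,
    opens SMTP submission to the report's exfil host. Each half is common on a
    normal network; the ordered pair from the same host is the signal."""
    recent_lookups: Dict[str, List[datetime]] = defaultdict(list)
    alerts = []
    for ev in events:  # events are time-ordered, so lookups seen so far are all earlier
        src, name, port, ts = ev["src"], ev["dst_name"].lower(), ev["dst_port"], ev["ts"]
        if name in IP_LOOKUP_HOSTS:
            recent_lookups[src].append(ts)
        elif name == EXFIL_HOST and port == EXFIL_PORT:
            prior = [t for t in recent_lookups[src] if ts - t <= window]
            if prior:
                last = max(prior)
                alerts.append({"src": src, "lookup_ts": last, "smtp_ts": ts,
                               "delta_s": (ts - last).total_seconds()})
    return alerts


if __name__ == "__main__":
    for alert in detect_exfil_sequence(parse_events(SAMPLE_LOG)):
        print(f"{alert['src']}: IP lookup then SMTP to {EXFIL_HOST}:{EXFIL_PORT} "
              f"after {alert['delta_s']:.0f}s")
```

The window is the tunable part: HawkEye-style stealers send their first report seconds after the lookup, so a few minutes is enough; widening it to hours (as the second test below does) starts catching ordinary users who check their IP and later send mail.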

MITRE ATT&CK Enterprise v6
