General

  • Target

    4318aa2563b593ec15b6849b43452c5d861cab63b5482b0b68b0c5289fa22c04

  • Size

    520KB

  • Sample

    220310-2q9tmacdh3

  • MD5

    5643b2a756718e662823de866f24ecd8

  • SHA1

    e6ae891074620a1ea694d9264d90e441c5c9479f

  • SHA256

    4318aa2563b593ec15b6849b43452c5d861cab63b5482b0b68b0c5289fa22c04

  • SHA512

    c263e2b55c09edd0e4d2b40431d4c2b45b92e1aa532a76cacc984b4d09ac5d4150eacf62dbba7604326e45e2f520a87fb0a9b3e705ee812ead96b7a4014e4a9a

Malware Config

Extracted

Credentials

  SMTP account embedded in the sample's configuration and used to mail harvested data out. These are attacker-controlled exfiltration credentials, not victim data; they are the indicator to report for mailbox takedown.

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    rinou20102010

Targets

    • HawkEye

HawkEye is a commodity keylogger and credential-stealing malware kit that has seen continuous development since at least 2013. It logs keystrokes, harvests stored mail and browser credentials, and exfiltrates the results over SMTP or FTP using the account found in its extracted configuration.

    • NirSoft MailPassView

Password recovery tool for various email clients. HawkEye bundles this legitimate NirSoft binary and runs it to dump saved mail client credentials, which is why it is flagged here alongside the stealer itself.

    • NirSoft WebBrowserPassView

Password recovery tool for various web browsers, dropped and executed by HawkEye for the same purpose as MailPassView.

    • Nirsoft

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

Uses a legitimate IP lookup service to find the infected system's external IP, which the stealer includes in its exfiltration reports to identify the victim.
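
The behaviours above (Run key persistence, external IP lookup, and SMTP traffic to smtp.gmail.com:587 from a non-mail process) are individually weak signals but strong in combination. The script below, an added example rather than part of this report or any sandbox tooling, correlates Sysmon-style events per process and flags processes that show at least two of them. The event records, the IP-lookup host list, and the mail-client allow-list are constructed assumptions for the example, not data from this run.

```python
from dataclasses import dataclass, field

# Hosts commonly used as external-IP lookup services (assumed list; extend from telemetry).
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "whatismyipaddress.com"}
# SMTP relay and submission ports; the extracted config above uses 587.
SMTP_PORTS = {25, 465, 587}
# Registry autostart locations behind the "Adds Run key" signature (matched case-insensitively).
RUN_KEY_FRAGMENTS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
# Processes for which outbound SMTP is expected (assumed allow-list).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass
class ProcessFindings:
    image: str
    behaviours: set = field(default_factory=set)


def classify(event):
    """Return the behaviour name a single event exhibits, or None if it matches nothing."""
    if event["type"] == "registry_set":
        target = event["target"].lower()
        if any(frag in target for frag in RUN_KEY_FRAGMENTS):
            return "run_key_persistence"
    elif event["type"] == "network":
        if event.get("dest_host", "").lower() in IP_LOOKUP_HOSTS:
            return "external_ip_lookup"
        exe = event["image"].rsplit("\\", 1)[-1].lower()
        if event["dest_port"] in SMTP_PORTS and exe not in MAIL_CLIENTS:
            return "smtp_from_non_mail_client"
    return None


def correlate(events, min_behaviours=2):
    """Group behaviours per process GUID and keep processes showing at least
    min_behaviours distinct ones, the combination a keylogger/stealer produces."""
    by_proc = {}
    for ev in events:
        behaviour = classify(ev)
        if behaviour is None:
            continue
        findings = by_proc.setdefault(ev["pguid"], ProcessFindings(ev["image"]))
        findings.behaviours.add(behaviour)
    return {g: f for g, f in by_proc.items() if len(f.behaviours) >= min_behaviours}


# Constructed Sysmon-style events for the example (not taken from the sandbox run).
STEALER = "C:\\Users\\victim\\AppData\\Roaming\\WindowsUpdate.exe"
SAMPLE_EVENTS = [
    {"type": "registry_set", "pguid": "{A}", "image": STEALER,
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WindowsUpdate"},
    {"type": "network", "pguid": "{A}", "image": STEALER,
     "dest_host": "checkip.dyndns.org", "dest_port": 80},
    {"type": "network", "pguid": "{A}", "image": STEALER,
     "dest_host": "smtp.gmail.com", "dest_port": 587},
    # Legitimate mail client on the submission port: expected, not flagged.
    {"type": "network", "pguid": "{B}",
     "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
     "dest_host": "smtp.office365.com", "dest_port": 587},
    # Browser visiting an IP-lookup site: a single behaviour, below the threshold.
    {"type": "network", "pguid": "{C}",
     "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "dest_host": "api.ipify.org", "dest_port": 443},
]

if __name__ == "__main__":
    for guid, f in correlate(SAMPLE_EVENTS).items():
        print(guid, f.image, sorted(f.behaviours))
```

Only the process that both persists and talks to an IP-lookup service and an SMTP submission port is reported; Outlook's own SMTP traffic and a browser's one-off visit to an IP-lookup site fall below the threshold. Lowering min_behaviours to 1 turns the same logic into a noisier hunting query.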
