General

  • Target

    3ef53750695612794f2c321eb0be98bc64d9550fdfe53c477ba73ec4a229c0f9

  • Size

    587KB

  • Sample

    220310-31f5qsgbfq

  • MD5

    0fcaefd4a7f6b9ee0b69dcc7159175ec

  • SHA1

    5359e7a65f759bcd675d6409741a1cc95f95be64

  • SHA256

    3ef53750695612794f2c321eb0be98bc64d9550fdfe53c477ba73ec4a229c0f9

  • SHA512

    80e479b21600e40699a3c3e8d7e4b0f3cebc28c3393181b920fedabccc886f2ce36eae45095bdd007e887ed021dac9ad27cc5236308eee65fff821da3ea991b7

Malware Config

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks