General

  • Target

    6733c0c98c55ae25874bca21cf98fbb6a00e9ef39e14bc8d0472a0c6e7595379

  • Size

    456KB

  • Sample

    220310-ev5ddadge3

  • MD5

    afa7569a9d6de68a9cc23733aaf6aac0

  • SHA1

    ae81e6539bb2182e5aa2d365fb667abb8e023276

  • SHA256

    6733c0c98c55ae25874bca21cf98fbb6a00e9ef39e14bc8d0472a0c6e7595379

  • SHA512

    64064a23fa0e6f6ac1dcec0b41ff5800cceafc0750ac32358b28f297cf94d08e51f5039efc4d53059492435ec748604e3d444a94703c80a419b0130c17379345

Targets

    • Target

      6733c0c98c55ae25874bca21cf98fbb6a00e9ef39e14bc8d0472a0c6e7595379

    • HawkEye

      HawkEye is a commodity keylogger and credential stealer sold as a kit. It has seen continuous development since at least 2013 and bundles the two NirSoft recovery tools listed below to dump saved mail and browser passwords.

    • NirSoft MailPassView

      Legitimate password recovery tool for various email clients; HawkEye embeds it to dump stored mail-client credentials.

    • NirSoft WebBrowserPassView

      Legitimate password recovery tool for various web browsers; HawkEye embeds it to dump saved browser logins.

    • Nirsoft

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Uses the VBS compiler for execution

      The sample starts vbc.exe, the .NET Visual Basic compiler shipped with the Framework. A build tool is a normal parent for vbc.exe; an executable in a user-writable directory is not, and HawkEye samples are frequently seen using it as a hollowing host for the decrypted payload.

    • Accesses Microsoft Outlook accounts

      Reads the Outlook profile keys in the registry, where account settings and stored credentials live.

    • Adds Run key to start application

      Persistence: a value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run relaunches the sample at logon.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP, which is typically included in the exfiltrated credential log.

    • Suspicious use of SetThreadContext

      SetThreadContext on a suspended child process is the final step of process hollowing: the child's entry point is redirected to the injected image before the thread is resumed.

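The behaviours above map onto host telemetry that a defender actually collects. The following added example (not part of the sandbox report or of any vendor's tooling) replays three of them, the vbc.exe launch, the Run-key persistence and the external-IP lookup, as a small detector over constructed Sysmon-style events, and also matches the report's SHA256 against the process-creation hash. The event lines, PIDs, paths, the list of legitimate vbc.exe parents and the list of IP-lookup hostnames are all assumptions made for the example.

```python
"""Added example, not from the sandbox report: a detector that replays the
report's behaviours over constructed Sysmon-style events. Every path, PID and
hostname below is constructed for illustration, not captured from the sample."""
import re

# SHA256 of the sample this report describes (taken from the report).
SAMPLE_SHA256 = "6733c0c98c55ae25874bca21cf98fbb6a00e9ef39e14bc8d0472a0c6e7595379"

# Assumption: only these parents legitimately spawn the .NET Visual Basic
# compiler; any other parent launching vbc.exe is treated as a hollowing host.
VBC_LEGIT_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe"}

# Assumption: illustrative list of public external-IP lookup services.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ipinfo.io", "whatismyip.com"}

# Matches a value written directly under ...\CurrentVersion\Run\ (not RunMRU, RunOnce, ...).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)

# Constructed events in the form "<SysmonEventID>|Field=Value;Field=Value".
# 1 = process create, 13 = registry value set, 22 = DNS query.
CONSTRUCTED_EVENTS = [
    r"1|ProcessId=4120;Image=C:\Users\u\AppData\Local\Temp\invoice.exe;ParentImage=C:\Windows\explorer.exe;Hashes=SHA256=" + SAMPLE_SHA256,
    r"1|ProcessId=4188;Image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe;ParentImage=C:\Users\u\AppData\Local\Temp\invoice.exe;Hashes=SHA256=" + "0" * 64,
    r"13|ProcessId=4188;TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate;Details=C:\Users\u\AppData\Local\Temp\invoice.exe",
    r"22|ProcessId=4188;QueryName=checkip.dyndns.org",
    # Benign noise that must not fire: a build tool compiling VB, a RunMRU write, an ordinary DNS query.
    r"1|ProcessId=5000;Image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe;ParentImage=C:\Program Files\dotnet\dotnet.exe;Hashes=SHA256=" + "1" * 64,
    r"13|ProcessId=5001;TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\RunMRU\a;Details=calc",
    r"22|ProcessId=5002;QueryName=update.example.org",
]


def parse_event(line):
    """Split one constructed event line into a dict with an integer EventID."""
    event_id, _, rest = line.partition("|")
    fields = {}
    for kv in rest.split(";"):
        key, _, value = kv.partition("=")
        fields[key] = value
    fields["EventID"] = int(event_id)
    return fields


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def sha256_from_hashes(hashes_field):
    """Sysmon writes the Hashes field as 'ALG=hex,ALG=hex'; return the SHA256 entry."""
    for part in hashes_field.split(","):
        alg, _, digest = part.partition("=")
        if alg.upper() == "SHA256":
            return digest.lower()
    return None


def detect(event_lines):
    """Return (signature, detail) pairs, in event order, for every matching event."""
    hits = []
    for ev in map(parse_event, event_lines):
        eid = ev["EventID"]
        if eid == 1:
            if sha256_from_hashes(ev.get("Hashes", "")) == SAMPLE_SHA256:
                hits.append(("Known sample SHA256", ev["Image"]))
            if basename(ev["Image"]) == "vbc.exe" and basename(ev["ParentImage"]) not in VBC_LEGIT_PARENTS:
                hits.append(("Uses the VBS compiler for execution", ev["ParentImage"] + " -> vbc.exe"))
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(("Adds Run key to start application", ev["TargetObject"]))
        elif eid == 22 and ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
            hits.append(("Looks up external IP address via web service", ev["QueryName"]))
    return hits


if __name__ == "__main__":
    for signature, detail in detect(CONSTRUCTED_EVENTS):
        print(f"[{signature}] {detail}")
```

SetThreadContext and the Outlook/browser credential reads are deliberately absent: Sysmon logs neither thread-context changes nor registry reads, so those two signatures come from the sandbox's API trace, not from endpoint logs, and an equivalent host-side check needs an EDR with API or ETW visibility.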