General

  • Target

    3be81619905275db3b2f932e608f07079b256ae5f5a6ea2647cc9bf045abf092

  • Size

    951KB

  • Sample

    220311-a7wjsagggn

  • MD5

    6ace5999eac4fbca0e1b94a0a2167301

  • SHA1

    a2607db3b6a5e5fea0dd23c653409742d14ab40a

  • SHA256

    3be81619905275db3b2f932e608f07079b256ae5f5a6ea2647cc9bf045abf092

  • SHA512

    84586fab298250cf8842c09bdd11b7129f1d05701f6c0e759827a0e376b190024d81fbb872bcd83e37193ab18eb4759836819bd58246269b3be950d00ae9f21c

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    desktop123

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks