General

  • Target

    3be559c118509105587a858534ca417bb859d4ea3d0483c058f8848c31fa79ae

  • Size

    678KB

  • Sample

    220311-a7yzxadhc3

  • MD5

    ab271f8665051dff050bc87d5bbc7cbb

  • SHA1

    a90485100ed4a7e06fb1ce9ea812d4fc1ae4fb8a

  • SHA256

    3be559c118509105587a858534ca417bb859d4ea3d0483c058f8848c31fa79ae

  • SHA512

    68f82ca985a4d802327764fc444613f48768770f2b3c77181d1d8fc1d5d4f76734a1b4e00c0b25c9468125741614521798bd10e7e4d8c9e67391cfdbcc9d29ff

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.mail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Adrien12

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
