General

  • Target

    3d42122c553c5b65dad21ef80402169d8087b25ac1fe04a1b550637180cc4231

  • Size

    703KB

  • Sample

    220311-arldwageek

  • MD5

    f4010d690ed9f35d0bf8533bb8a889d9

  • SHA1

    1a91acd947c4130f716733ced70784262301d0c7

  • SHA256

    3d42122c553c5b65dad21ef80402169d8087b25ac1fe04a1b550637180cc4231

  • SHA512

    ef5ebd91586ff96deba4720f29078437dd5ee360ef54c440f39100df0ab55457b41cfb17119c1568f150eff7bc052d28618a1147eec8bfc9e2d9c5e62e29f34e

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.mail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    123clout

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks