General

  • Target: ebf11ac3c1c7cbdd7667977fce006d85ff89ff49182a9ac4b3ebd27057b99d89
  • Size: 567KB
  • Sample: 220521-mz8klafhdl
  • MD5: 3c0ee822bd8279a7ceb81563b70d3011
  • SHA1: ed8e2ebe4ae21a41b995bf82e25169a2f52b9ce3
  • SHA256: ebf11ac3c1c7cbdd7667977fce006d85ff89ff49182a9ac4b3ebd27057b99d89
  • SHA512: d7a38d62d7f4e9446ee669e8e19e2eb7107e3a6a1f6f85d8a857bd2f2401f6b3d1e911e6cc37c4a529927c0e3ae9373cca4800c37ee718d880815101afccf6a0

Malware Config

Targets

    • Target: PAYMENT DETAILS.exe
    • Size: 913KB
    • MD5: b9d953083a5b1006d5632d82c7a01d8d
    • SHA1: 4701c2bccbcfe59c1654c50f0e2800b3ffd062e3
    • SHA256: e1bf95bd96a59075ac24eec7c47b3142361ea79c1fb68e2b6039212fba523449
    • SHA512: 70fb97ac42882e5e62ef07bdfa06de9ab59d37ecfd07f59eecf76081cc34ccff954bd0edbf593eaf8db10da6d560500ba83a36cadb77d1b980fe127cd63ddbf6

    • HawkEye
      HawkEye is a malware kit that has seen continuous development since at least 2013.
    • NirSoft MailPassView
      Password recovery tool for various email clients.
    • NirSoft WebBrowserPassView
      Password recovery tool for various web browsers.
    • Nirsoft
    • Uses the VBS compiler for execution
    • Accesses Microsoft Outlook accounts
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scripting (T1064), 1
  • Defense Evasion: Scripting (T1064), 1
  • Collection: Email Collection (T1114), 1

Tasks