a13d1072f333489eefdc9cb88613608314c044b2e3187e227ee1628c3942ccf8

General
Target

a13d1072f333489eefdc9cb88613608314c044b2e3187e227ee1628c3942ccf8

Size

1MB

Sample

220521-w7k9psedbn

Score
10/10
MD5

883ae301946f0c4ed4907a5c8084b554

SHA1

4842f095f105813e456a2f418f719b7bb843b8b4

SHA256

a13d1072f333489eefdc9cb88613608314c044b2e3187e227ee1628c3942ccf8

SHA512

a5f3eda7c766ceec5c99073c38287828634078b044095b893b7801354eff69c2e36f95a47e897af75ed577509439a639519f6c0a3f8beddb73ec147b0d83d624

Malware Config

Extracted

Credentials

Protocol: smtp

Host: outback.websitewelcome.com

Port: 587

Username: krishnafebtech14@2020weddingeventz1.com

Password: 1ihemyorochi

Targets
Target

Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.EXE

MD5

1e80be82f8e930a7160c225ea1fb529e

Filesize

1MB

Score
10/10
SHA1

7c50b9f3550d1d4c6abdb668cec1d7461a4c13d6

SHA256

68101d145825fc980210f1f56638011d98eeaf5c53fb734b62a80dac6489f2e3

SHA512

964181a2b3d3db5522a99dfa4c77c87d7c921981e55ecd2cd9fa8f10dd170082637cb6d130a7fee8182a3e6b967e98d34d072d7955233a17b281cd598080bf93

Signatures

  • HawkEye

    Description

    HawkEye is a malware kit that has seen continuous development since at least 2013.

  • NirSoft MailPassView

    Description

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Description

    Password recovery tool for various web browsers

  • Nirsoft

  • Drops startup file

  • Uses the VBS compiler for execution

    TTPs

    Scripting
  • Accesses Microsoft Outlook accounts

    TTPs

    Email Collection
  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation