92c85e11f297d167ac13774cd32ae7106f11f295251be0983990b150a8e3b576

General
Target

92c85e11f297d167ac13774cd32ae7106f11f295251be0983990b150a8e3b576

Size

1MB

Sample

220521-w7l61abba3

Score

10/10
MD5

833fd320bd8561f6b5a0d9edce0697f8

SHA1

4b798e87d2cbe2e93f35a3a8f3dfa2ee99e9c03f

SHA256

92c85e11f297d167ac13774cd32ae7106f11f295251be0983990b150a8e3b576

SHA512

0d72ee76ee0ba1dd3d6f03084b1b8590e472d614fc8018d1863bed6f13e67f51c1e4c9d2d0a3be7834cc06463e4837d612e5e8701e6593ce043d82cb0b746466

Malware Config

Extracted

Credentials

Protocol: smtp

Host: outback.websitewelcome.com

Port: 587

Username: sungearmotors@2020weddingeventz2.com

Password: chukwuma12

Targets
Target

Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.EXE

MD5

cc5e307e68ccb5b363a1d8125e0edfb1

Filesize

1MB

Score

10/10
SHA1

0937747b83e0624bec024daadeaf5c7effdbcb36

SHA256

82ffa88d2b058317fcbc1af1c6fe06d7927be41ee28c7473a397f3db42670ca5

SHA512

ac464272963a2208cf7061e22c75d2ae5b9c76ade74cd1c21aeb28690d2d2ccee45c2cfafe09ad588a56a802f438dfc9a56e60792f87e483db727b8286968815

Signatures

  • HawkEye

    Description

    HawkEye is a malware kit that has seen continuous development since at least 2013.

  • NirSoft MailPassView

    Description

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Description

    Password recovery tool for various web browsers

  • Nirsoft

  • Drops startup file

  • Uses the VBS compiler for execution

    TTPs

    Scripting
  • Accesses Microsoft Outlook accounts

    TTPs

    Email Collection
  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation