General

  • Target

    4b50bda6c3fe41f6c930ec701d851781e1664b720e6fc65ab2fbb6c28916f24b

  • Size

    725KB

  • Sample

    220712-md72yagfh2

  • MD5

    33b63714602355d705387a600617eece

  • SHA1

    9d3ebfc281633f5185d6ca1d4bc30a0ec23ef120

  • SHA256

    4b50bda6c3fe41f6c930ec701d851781e1664b720e6fc65ab2fbb6c28916f24b

  • SHA512

    0d053b226a9a14a826bdd0d7df753d5c6871a8dfd7f157a01fd0cde0a75de233d127fa5ca55592f1146e15dfc067f371f687f3858d77fcc311ef7590e2a54673

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.zoho.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    godsgrace123

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks