General

  • Target

    33178b7107d55ddbbb52a9e0268ea73b9a96b8092470688e2fc3c9e76719330c

  • Size

    505KB

  • Sample

    221122-xreyesdg84

  • MD5

    e17cee656c450820e2139ca9ad5576af

  • SHA1

    8d130ae39b9c4ad6d549532a1bfa0161785de137

  • SHA256

    33178b7107d55ddbbb52a9e0268ea73b9a96b8092470688e2fc3c9e76719330c

  • SHA512

    ede11b20e0be5106cd6cd0bdcc095927f4072dd38d19e83247288803ca9eb3a70bef04bb1677cb2842337b49bad49758a12829150ad73bb419da88ff5b277cfb

  • SSDEEP

    6144:teOFbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9OaI:IOFQtqB5urTIoYWBQk1E+VF9mOx9Q

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    express1234

Targets

    • Target

      33178b7107d55ddbbb52a9e0268ea73b9a96b8092470688e2fc3c9e76719330c

    • Size

      505KB

    • MD5

      e17cee656c450820e2139ca9ad5576af

    • SHA1

      8d130ae39b9c4ad6d549532a1bfa0161785de137

    • SHA256

      33178b7107d55ddbbb52a9e0268ea73b9a96b8092470688e2fc3c9e76719330c

    • SHA512

      ede11b20e0be5106cd6cd0bdcc095927f4072dd38d19e83247288803ca9eb3a70bef04bb1677cb2842337b49bad49758a12829150ad73bb419da88ff5b277cfb

    • SSDEEP

      6144:teOFbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9OaI:IOFQtqB5urTIoYWBQk1E+VF9mOx9Q

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

      Reads stored Outlook account data, the same store the bundled MailPassView tool recovers passwords from.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Setting another thread's context is the step that redirects a suspended thread into injected code, as in process hollowing; legitimate software rarely does this.
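The extracted configuration above gives the sample's exfiltration channel (SMTP to smtp.gmail.com on port 587), and the signatures show the execution context (a compiler binary, an external IP lookup). The following is an added hunting example written for this page, not part of the sandbox report or of the analysed sample: it runs a few rules over Sysmon-style network-connection telemetry and flags the combination of the extracted exfil endpoint with a process that has no business sending mail. The CSV events, hostnames, paths and timestamps are constructed for the example; the mail-client allowlist and the mapping of "VBS compiler" to the .NET compiler binaries (vbc.exe, csc.exe) are assumptions that should be tuned for a real estate.

```python
"""Hunt endpoint network telemetry for the exfiltration pattern described in this report."""
import csv
import io
from dataclasses import dataclass

# SMTP exfiltration endpoint from the report's extracted config (credentials deliberately omitted).
EXFIL_HOST = "smtp.gmail.com"
EXFIL_PORT = 587
SMTP_PORTS = {25, 465, 587}

# Assumption: the only processes expected to speak SMTP on a workstation. Tune per estate.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Assumption: "Uses the VBS compiler for execution" refers to the .NET compiler binaries,
# which have no reason to open network connections on an end-user machine.
COMPILER_BINARIES = {"vbc.exe", "csc.exe"}

# Constructed sample telemetry in a Sysmon Event ID 3 (network connection) shape.
# Hostnames, paths and timestamps are made up for this example.
SAMPLE_EVENTS = r"""time,host,image,dest_host,dest_port
2022-11-22T10:01:02Z,WS01,C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,smtp.office365.com,587
2022-11-22T10:03:15Z,WS01,C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe,smtp.gmail.com,587
2022-11-22T10:03:16Z,WS01,C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe,ip-lookup.example,80
2022-11-22T10:05:00Z,WS02,C:\Users\bob\Downloads\invoice.exe,smtp.gmail.com,587
2022-11-22T10:06:00Z,WS02,C:\Program Files\Mozilla Firefox\firefox.exe,www.example.com,443
"""


@dataclass(frozen=True)
class Finding:
    time: str
    host: str
    process: str
    dest: str
    severity: str
    reason: str


def process_name(image: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> list:
    """Apply the hunt rules to one network-connection event and return its findings."""
    proc = process_name(event["image"])
    port = int(event["dest_port"])
    dest_host = event["dest_host"].lower()
    dest = f"{dest_host}:{port}"
    findings = []

    # Rule 1: a compiler binary talking to the network is abnormal on a workstation.
    if proc in COMPILER_BINARIES:
        findings.append(Finding(event["time"], event["host"], proc, dest, "medium",
                                "compiler binary opened a network connection"))

    # Rule 2: SMTP from anything other than a known mail client. The destination alone is a
    # weak indicator (smtp.gmail.com is legitimate), so the process context decides severity.
    if port in SMTP_PORTS and proc not in MAIL_CLIENTS:
        if dest_host == EXFIL_HOST and port == EXFIL_PORT:
            findings.append(Finding(event["time"], event["host"], proc, dest, "high",
                                    "SMTP to the exfiltration endpoint from this report, from a non-mail process"))
        else:
            findings.append(Finding(event["time"], event["host"], proc, dest, "medium",
                                    "SMTP from a process that is not a known mail client"))
    return findings


def hunt(csv_text: str) -> list:
    """Run evaluate() over every row of CSV telemetry and collect the findings."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings.extend(evaluate(row))
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.time} {f.host} {f.process} -> {f.dest}: {f.reason}")
```

On the constructed events this yields two high-severity findings (vbc.exe and invoice.exe both sending SMTP to the extracted endpoint) and two medium ones for the compiler's network activity, while Outlook's own SMTP traffic is not flagged. Because the configured host is a public mail service, blocking or alerting on smtp.gmail.com by itself would generate noise; the useful signal is the pairing of that destination with an unexpected source process.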

MITRE ATT&CK Enterprise v6

Tasks