General

  • Target

    8f7e4374244899ce47e6e2f615b8929bbf6ed7401153c17548cf3fa9eb6b629f

  • Size

    1.1MB

  • Sample

    221123-qy7hpaac5z

  • MD5

    d7ae9d2345bcac569bdac76eaf7a001e

  • SHA1

    65ecb93f981ef149f58c08cb6ddac47c85cc1d7f

  • SHA256

    8f7e4374244899ce47e6e2f615b8929bbf6ed7401153c17548cf3fa9eb6b629f

  • SHA512

    11929609f8a36464b943bc2a7dc8f8e56f0b8a02ab252e897eb30060373909477f77222ce8c4af7706fd6698834dd6aedff8dec9ed2ca7d1ef2c790e47c3491d

  • SSDEEP

    24576:DEeSWfLAdegLo9NMpu0leEsh3W57ycW2mkEg:D3SWOeL8ZleEsFVcPmw

Malware Config

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Nirsoft

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks