General

  • Target

    bdd92a57e118e1096dadca53feb929fb023f24eb4d8fbcefd6e8d0752ddfb8ce

  • Size

    1MB

  • Sample

    221128-xv7slsdh61

  • MD5

    3e42e46cb2bba71265a1d364e7e65379

  • SHA1

    33c51a13d8a799bb939c2f0285d77e27585bc4b2

  • SHA256

    bdd92a57e118e1096dadca53feb929fb023f24eb4d8fbcefd6e8d0752ddfb8ce

  • SHA512

    e5aef8514fe94b966db5e878b354c201da6ee747c1d717e422e891bd6292d27e072fe889e45ab5d6d97c9142c9636d64b8424a1da03334ff6efbfe8676e931d7

  • SSDEEP

    24576:+Ne+ND84B1OCtvrbsCaANGPLvRYMc/d8E9AikP:2e+No4BDvc7dYMchtk

Malware Config

Extracted

Credentials

Protocol: smtp

Host: smtp.gmail.com

Port: 587

Username: theresultbox77@gmail.com

Password: drlwjrdttnageixp

Targets

    • Target

      bdd92a57e118e1096dadca53feb929fb023f24eb4d8fbcefd6e8d0752ddfb8ce

    • Size

      1MB

    • MD5

      3e42e46cb2bba71265a1d364e7e65379

    • SHA1

      33c51a13d8a799bb939c2f0285d77e27585bc4b2

    • SHA256

      bdd92a57e118e1096dadca53feb929fb023f24eb4d8fbcefd6e8d0752ddfb8ce

    • SHA512

      e5aef8514fe94b966db5e878b354c201da6ee747c1d717e422e891bd6292d27e072fe889e45ab5d6d97c9142c9636d64b8424a1da03334ff6efbfe8676e931d7

    • SSDEEP

      24576:+Ne+ND84B1OCtvrbsCaANGPLvRYMc/d8E9AikP:2e+No4BDvc7dYMchtk

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation

Tasks