General

  • Target

    10743387837.zip

  • Size

    596KB

  • Sample

    230613-xbr8taad92

  • MD5

    4ad0377c1a5ba6880fe1fcea7c35e1f9

  • SHA1

    0a7ec3e591a4a2d38465ebe2fcc627b7e647364c

  • SHA256

    0a213049df4abf319dbb1c1bd1b5114ffa01bca076e2880dd25e5a8567561f95

  • SHA512

    acda92b6563f61f5a2efa754908e10acf9c43306f4990181992561cda7908a9c2799e6946dc50b47813745d38b481da6c70215a929fc16c35b86f18d8ae60d1b

  • SSDEEP

    12288:c+MRCIGcqPoBlfNg/gdTWvl4qRVSMekFM/s0RjtVNJAZD4NC:clR6DWli/gdYlvzSMx+k0RjjAn

Malware Config

Targets

    • Target

      c2d55f54c26d6f73908c7138e999fadcb9a8617fea8f56cee943f93956adfa12

    • Size

      679KB

    • MD5

      7f075616272cca52e731c11080d0f3ef

    • SHA1

      b5142fe556fc114eb221c4b14ad9d19c9e83fe83

    • SHA256

      c2d55f54c26d6f73908c7138e999fadcb9a8617fea8f56cee943f93956adfa12

    • SHA512

      f9fe3bb4f04138c8c924a74f35c293cbe3e777a6f2993c0352e4de9f6677807fcb982190d2a070925ee7a6810a136f2f7c1358babe5e8087736513f6b77982a7

    • SSDEEP

      12288:WXQnnE6+s3WsZ/lkwR939lgKFWRg1xY0VcRuaHuatAUz3huJ7XrjaJ+:WXQnnYsNHXR9NlgobVcUK7UXrj++

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks