General

  • Target

    5b2a5db14a4515de07df5f091ecbd5fb_JaffaCakes118

  • Size

    929KB

  • Sample

    240519-ymd11aeh69

  • MD5

    5b2a5db14a4515de07df5f091ecbd5fb

  • SHA1

    e06d25cff824b6a10d694538ed925f11c2f422be

  • SHA256

    6583ece21654fa41c36a713160ae4e10fdb6edea67ac4e4b2397d75c4a195284

  • SHA512

    3ae1d3aba384a3b8cdf5fc31b1d56f2ee346686e3fe78bb7ad1af9d85f478836bbc8543afe556a9005a146fa528223d0995772fc2f4329a4bad43f2fa556a496

  • SSDEEP

    24576:/WheP/nwU8/qkYHNQBu/s5sUernrlSYHd6EErH:/AeXV8/XYtGgwsU8ngYHd6fz

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: smtp.vivaldi.net
  • Port: 587
  • Username: [email protected]
  • Password: kelvinklin123

Targets

    • Target

      proforma invoice

    • Size

      1.7MB

    • MD5

      61c5dde7b4dbb77058f8aad370e92648

    • SHA1

      753c4913e5bd73a37c04ec4b180f99aa5d15b2f0

    • SHA256

      4f387257ba2721c27465800f9db3e513ded059ce28b68d593de0f459dfcf95a7

    • SHA512

      7cc15313ed4c0373112cd08240303f4baae696eb86dd9fcf9d3de6b1773fa0e2a5089b86051fd0c15257b3588fe9135dea559dbc799880c8820bbf6e097d9ae1

    • SSDEEP

      24576:EAHnh+eWsN3skA4RV1Hom2KXMmHapr1X5pc0zEtdKnY2jDPFT7TVfd5HTfr6sbt5:Th+ZkldoPK8Yapyqu2jDPpNHH5T

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks