General

  • Target

    b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4

  • Size

    1.7MB

  • Sample

    241106-j83h6awhkc

  • MD5

    51956d90e55c86ee8fa57a5f26625454

  • SHA1

    be35dbe23ebfaa91d825bc161538e130c0886276

  • SHA256

    b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4

  • SHA512

    3ab50406431fe064d35dbcfac796935649d9c0e16d2dde50876988a4c19c7fcb73c709f71b39e9a4c06a11a55b09a008f6fc805a30fb6e80b4842355fb066596

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLWsLisUV3+JQQeuLEIJgSn/Eg3q759rxv:f3v+7/5QLWqisQ+JQQeuLTJgxg3q9rxv

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.hammer-adv.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    **123123**

Targets

    • Target

      b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4

    • Size

      1.7MB

    • MD5

      51956d90e55c86ee8fa57a5f26625454

    • SHA1

      be35dbe23ebfaa91d825bc161538e130c0886276

    • SHA256

      b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4

    • SHA512

      3ab50406431fe064d35dbcfac796935649d9c0e16d2dde50876988a4c19c7fcb73c709f71b39e9a4c06a11a55b09a008f6fc805a30fb6e80b4842355fb066596

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLWsLisUV3+JQQeuLEIJgSn/Eg3q759rxv:f3v+7/5QLWqisQ+JQQeuLTJgxg3q9rxv

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Hawkeye family

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks