General

  • Target

    fbf7af11a6fc0d9b07ed52a225e44b77a6a6aa19fec83fee99ea3d0483c96d1eN.exe

  • Size

    641KB

  • Sample

    241216-safq6ssrgv

  • MD5

    1bd125665d45e6cab681259a508cfeb0

  • SHA1

    bb4acbe58e144be89a55e88e6709a0dbb1b13895

  • SHA256

    fbf7af11a6fc0d9b07ed52a225e44b77a6a6aa19fec83fee99ea3d0483c96d1e

  • SHA512

    2738370c1b91545b6fe35a4411ed339d44633f212ca9dde109282cfb06ca780c72a2641b7c30616314dde10f1e670cb12a2aba60f84068bc006f2487d3f373f3

  • SSDEEP

    12288:8XKUqE0V7v1j5Qu3fhoYTcNVlVY5ugNUko:8XrS1ll5N357Ro

Malware Config

Targets

    • Target

      fbf7af11a6fc0d9b07ed52a225e44b77a6a6aa19fec83fee99ea3d0483c96d1eN.exe

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Hawkeye family

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks