General

  • Target

    fa24bccb7b1ac04b82970ea94b8df033e80c57931db0ba5c96ff0506bbca2b87N.exe

  • Size

    778KB

  • Sample

    241216-wz42vaxkg1

  • MD5

    42091ab1b8cbca4e170ed8806cb67ab0

  • SHA1

    3d9389b8eed46f39a3bbc975ad05f31e7a0c7d84

  • SHA256

    fa24bccb7b1ac04b82970ea94b8df033e80c57931db0ba5c96ff0506bbca2b87

  • SHA512

    8c8cd397ac77ce6407037c749ce8b051bb1cbe22a78657463c12d3e8fea235fb2bbeee470ba35fa6c09296f28cc57b2ef8ec394319c1b4278efb89338c417e46

  • SSDEEP

    12288:i2fgeSMXkVxNnFKZCQTUvBmqTmR6tpOudwzvmzc/J97OTv7w4m22Ry:hgexKx1Fco5La07wzvKcfOTTwh2r

Targets

    • Target

      fa24bccb7b1ac04b82970ea94b8df033e80c57931db0ba5c96ff0506bbca2b87N.exe

    • HawkEye

      HawkEye is a commercially sold keylogger and credential-stealing malware kit that has seen continuous development since at least 2013.

    • Hawkeye family

    • Detected NirSoft tools

      Free, legitimate recovery utilities that attackers routinely bundle because they can dump saved passwords, product keys and similar secrets from the host.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the Visual Basic compiler for execution

      The .NET Visual Basic compiler (vbc.exe) is a legitimate, Microsoft-signed binary that malware commonly launches as a host process for injected code.

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state (including its instruction pointer); calling it on another process's thread is the classic final step of process hollowing and similar injection techniques.
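The signatures above are observations a sandbox makes over a process trace. The following is an added example, not code from the report or from any sandbox product, showing how those same behaviours can be expressed as rules over a constructed trace of registry, file, process, API and DNS events. The event schema, PIDs and paths are made up for illustration; the registry key under Control Panel\International\Geo, the Outlook Profiles key and the list of IP-lookup hostnames are assumptions about what such signatures match, not details taken from this report.

```python
"""Rule logic for the sandbox behaviours listed in the report.

Added example, not part of the report or of any sandbox's code. The event
schema and the sample trace are constructed; registry paths and IP-lookup
hostnames are assumptions about what such signatures typically match.
"""

# Constructed sample trace: the acting process is `pid`; process-creation events
# carry the new `child_pid`, API events the `target_pid` they operate on.
SAMPLE_EVENTS = [
    {"pid": 1000, "kind": "regread", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 1000, "kind": "filewrite", "path": r"C:\Users\u\AppData\Roaming\svc\helper.exe"},
    {"pid": 1000, "kind": "filewrite", "path": r"C:\Users\u\AppData\Roaming\svc\helper.dll"},
    {"pid": 1000, "kind": "process", "image": r"C:\Users\u\AppData\Roaming\svc\helper.exe", "child_pid": 1100},
    {"pid": 1100, "kind": "modload", "path": r"C:\Users\u\AppData\Roaming\svc\helper.dll"},
    {"pid": 1100, "kind": "process", "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", "child_pid": 1200},
    {"pid": 1100, "kind": "api", "name": "WriteProcessMemory", "target_pid": 1200},
    {"pid": 1100, "kind": "api", "name": "SetThreadContext", "target_pid": 1200},
    {"pid": 1200, "kind": "regread", "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 1200, "kind": "dns", "host": "checkip.dyndns.org"},
]

# Assumption: a short list of public "what is my IP" services; extend from your own telemetry.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ip-api.com"}


def _dropped_paths(events):
    """Every file the trace wrote, lower-cased, so later execution/loads can be matched."""
    return {e["path"].lower() for e in events if e["kind"] == "filewrite"}


def checks_location_settings(events):
    # The configured country code lives under HKCU\Control Panel\International\Geo (value "Nation").
    return any(e["kind"] == "regread" and e["key"].lower().endswith(r"\geo\nation")
               for e in events)


def executes_dropped_exe(events):
    dropped = _dropped_paths(events)
    return any(e["kind"] == "process" and e["image"].lower() in dropped for e in events)


def loads_dropped_dll(events):
    dropped = _dropped_paths(events)
    return any(e["kind"] == "modload" and e["path"].lower() in dropped for e in events)


def uses_vbc_for_execution(events):
    # vbc.exe outside a build tool is a common signed host for injected code; a production
    # rule would additionally exempt msbuild/devenv parents.
    return any(e["kind"] == "process" and e["image"].lower().endswith(r"\vbc.exe")
               for e in events)


def suspicious_setthreadcontext(events):
    """Process-hollowing shape: write into another process, then SetThreadContext on it."""
    written_to = set()
    for e in events:
        if e["kind"] != "api":
            continue
        target = e.get("target_pid")
        if target is None or target == e["pid"]:
            continue  # SetThreadContext on one's own threads is normal (runtimes, debuggers)
        if e["name"] == "WriteProcessMemory":
            written_to.add(target)
        elif e["name"] == "SetThreadContext" and target in written_to:
            return True
    return False


def accesses_outlook_accounts(events):
    return any(e["kind"] == "regread" and r"\outlook\profiles" in e["key"].lower()
               for e in events)


def looks_up_external_ip(events):
    return any(e["kind"] == "dns" and e["host"].lower() in IP_LOOKUP_HOSTS for e in events)


RULES = {
    "Checks computer location settings": checks_location_settings,
    "Executes dropped EXE": executes_dropped_exe,
    "Loads dropped DLL": loads_dropped_dll,
    "Uses the Visual Basic compiler for execution": uses_vbc_for_execution,
    "Suspicious use of SetThreadContext": suspicious_setthreadcontext,
    "Accesses Microsoft Outlook accounts": accesses_outlook_accounts,
    "Looks up external IP address via web service": looks_up_external_ip,
}


def evaluate(events):
    """Return {signature name: fired?} for a trace."""
    return {name: rule(events) for name, rule in RULES.items()}


def verdict(events, threshold=3):
    """Coarse triage: number of fired signatures and whether it crosses the bar."""
    hits = [name for name, fired in evaluate(events).items() if fired]
    return len(hits), len(hits) >= threshold


if __name__ == "__main__":
    for name, fired in evaluate(SAMPLE_EVENTS).items():
        print(f"{'HIT ' if fired else '    '} {name}")
    print(verdict(SAMPLE_EVENTS))
```

The SetThreadContext rule deliberately requires a prior WriteProcessMemory into the same foreign process: SetThreadContext on a thread in the caller's own process is routine for runtimes and debuggers, and a bare cross-process call without injected memory is far less indicative, so keying on the write-then-redirect sequence is what keeps the signature from firing on legitimate tooling.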
