General

  • Target

    javs.exe

  • Size

    645KB

  • Sample

    250305-egdnhaxzdw

  • MD5

    b7f4ecc258e5795b93cf4c8239d80cae

  • SHA1

    457b52c2e260527ec6a648cac7b5170125f8952a

  • SHA256

    f5f915bab2da6d58e9c07823cd89594f631425a041cd2e642b5f1a64ca23203e

  • SHA512

    94578f60c1d5b0ca637047a52df3109c1233f8a9a790640af245cef59c74b5f8a0eb988b917fbdb3f1822ac339cea2e3679db06e3babca8e3455ea7681120fc0

  • SSDEEP

    12288:upcJsqHRb0bgiB+/iVWRTPwbmA20i4o+nsltXS879jKVoMNug9Szi:upcJsobEg4vVWRjwbmAS47nsP79jioVr

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.mail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    malaysia25

Targets

    • Target

      javs.exe

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Hawkeye family

    • Detected NirSoft tools

      Free utilities, frequently bundled by stealers, that recover saved passwords, product keys and similar secrets from the local machine.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence so the payload can refuse to run in certain countries.

    • Uses the VBS compiler for execution

      Launches the Visual Basic .NET command-line compiler (vbc.exe), a signed Microsoft binary, as a host process for its own code instead of running it inside javs.exe.

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is characteristic of process hollowing: the child is created suspended, its memory is replaced with the payload, and the main thread's context is rewritten to start at the injected entry point.
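
The signatures above describe one chain: the dropper starts a signed compiler binary and hollows it, the hollowed process looks up the victim's external IP, then mails the stolen credentials to the SMTP account from the extracted config. The following Python is an added example, not part of this sandbox report, that encodes three of those behaviours as detection rules and runs them over constructed Sysmon-style process-creation and network-connection events. The compiler host (vbc.exe), the IP lookup hostname (ip-lookup.example), the file paths and the PIDs are assumptions, not values taken from the report.

```python
"""Behavioural triage of the signatures listed above, run over constructed
Sysmon-style events. Added example, not part of the sandbox report.
Assumptions: the "VBS compiler" host process is vbc.exe (the .NET Visual Basic
command-line compiler); the IP lookup hostname, paths and PIDs are made up."""
from collections import defaultdict

VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
JAVS = r"C:\Users\victim\Downloads\javs.exe"

# Constructed events in the shape of Sysmon EventID 1 (process creation) and
# EventID 3 (network connection), reduced to the fields the rules need.
EVENTS = [
    {"id": 1, "pid": 4120, "image": JAVS, "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 1, "pid": 4388, "image": VBC, "parent_image": JAVS},
    {"id": 3, "pid": 4388, "image": VBC, "dest_host": "ip-lookup.example", "dest_port": 80},
    {"id": 3, "pid": 4388, "image": VBC, "dest_host": "smtp.mail.com", "dest_port": 587},
    # Benign noise: a real mail client using SMTP submission on the same server.
    {"id": 3, "pid": 2210, "image": r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe",
     "dest_host": "smtp.mail.com", "dest_port": 587},
]

SMTP_PORTS = {25, 465, 587}
IP_LOOKUP_HOSTS = {"ip-lookup.example"}          # assumption: fill from your own intel
MAIL_CLIENTS = {"thunderbird.exe", "outlook.exe"}
# Signed .NET binaries commonly used as hollowing hosts; vbc.exe is the one this page implies.
HOLLOWING_HOSTS = {"vbc.exe", "csc.exe", "msbuild.exe", "regasm.exe", "regsvcs.exe"}
DEV_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(events):
    """Return (rule, pid, detail) tuples for the HawkEye-like patterns on this page."""
    findings = []
    per_pid = defaultdict(lambda: {"image": None, "smtp": set(), "iplookup": set()})
    for ev in events:
        if ev["id"] == 1:
            child, parent = basename(ev["image"]), basename(ev["parent_image"])
            # "Uses the VBS compiler for execution": a compiler started by something
            # that is not a build tool is the usual shape of process hollowing.
            if child in HOLLOWING_HOSTS and parent not in DEV_PARENTS:
                findings.append(("compiler_spawned_by_non_dev_parent", ev["pid"],
                                 f"{parent} -> {child}"))
        elif ev["id"] == 3:
            rec = per_pid[ev["pid"]]
            rec["image"] = basename(ev["image"])
            if ev["dest_port"] in SMTP_PORTS:
                rec["smtp"].add((ev["dest_host"], ev["dest_port"]))
                # The extracted config shows exfil over SMTP; a mail client doing
                # SMTP submission is normal, anything else is worth a look.
                if rec["image"] not in MAIL_CLIENTS:
                    findings.append(("smtp_from_non_mail_client", ev["pid"],
                                     f"{rec['image']} -> {ev['dest_host']}:{ev['dest_port']}"))
            if ev["dest_host"].lower() in IP_LOOKUP_HOSTS:
                rec["iplookup"].add(ev["dest_host"])
    # "Looks up external IP address via web service" followed by SMTP from the
    # same process is the stealer's send-report sequence.
    for pid, rec in per_pid.items():
        if rec["smtp"] and rec["iplookup"]:
            findings.append(("ip_lookup_then_smtp_exfil", pid, rec["image"]))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in triage(EVENTS):
        print(f"{rule:36} pid={pid} {detail}")
```

Run against the constructed events it reports three findings, all on the hollowed compiler process, and nothing for the Thunderbird connection to the same SMTP server. The per-process correlation in the last rule is what separates this stealer's send-report sequence from ordinary mail traffic; the single-event rules are only there to surface the pieces individually when the lookup and the SMTP session land in different log sources.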

MITRE ATT&CK Enterprise v15

Tasks