2019-03-04 - malspam pushes Hawkeye keylogger/info stealer

malware_traffic Mar 4th, 2019 (edited) 472 Never
2019-03-04 - MALSPAM PUSHES HAWKEYE KEYLOGGER/INFO STEALER

FIRST REPORTED:

- https://twitter.com/James_inthe_box/status/1102583135701626880

EMAIL DATA:

- Date: Monday 2019-03-04
- Subject: Product Specification And Order.

ASSOCIATED MALWARE:

- SHA256 hash: 89dd3c4e53d7e282682edd11daa5cf58a0aa14291b1d59d0c47084c0ab58a19a
- File size: 168,448 bytes
- File name: Product Specification And Order.doc
- File description: Word document with macros to download/install Hawkeye
- Any.run analysis: https://app.any.run/tasks/4b1ec911-bc03-42f5-a603-a1eb14dc190e
- CAPE sandbox: https://cape.contextis.com/analysis/42217/
- Reverse.it: https://www.reverse.it/sample/89dd3c4e53d7e282682edd11daa5cf58a0aa14291b1d59d0c47084c0ab58a19a

- SHA256 hash: 2b892fd9c94df58918d7463d75f45a04e384b0373aff4e3bc46bd78299a7c5b2
- File size: 1,064,448 bytes
- File location: hxxps://drvhk.net/rays.exe
- File location: C:\Users\[username]\AppData\Local\Temp\rays.exe
- File description: Hawkeye keylogger/info stealer
- Any.run analysis: https://app.any.run/tasks/1d1136e4-299a-4610-a073-00157217b5a4
- CAPE sandbox: https://cape.contextis.com/analysis/42189/
- Reverse.it: https://www.reverse.it/sample/2b892fd9c94df58918d7463d75f45a04e384b0373aff4e3bc46bd78299a7c5b2

INFECTION TRAFFIC:

- TCP port 80 - bot.whatismyipaddress[.]com - GET /
- TCP port 587 - smtp.yandex[.]com - Encrypted SMTP traffic