malware_traffic

2019-03-04 - malspam pushes Hawkeye keylogger/info stealer

Mar 4th, 2019
2019-03-04 - MALSPAM PUSHES HAWKEYE KEYLOGGER/INFO STEALER

FIRST REPORTED:

- https://twitter.com/James_inthe_box/status/1102583135701626880

EMAIL DATA:

- Date: Monday 2019-03-04
- Subject: Product Specification And Order.

ASSOCIATED MALWARE:

- SHA256 hash: 89dd3c4e53d7e282682edd11daa5cf58a0aa14291b1d59d0c47084c0ab58a19a
- File size: 168,448 bytes
- File name: Product Specification And Order.doc
- File description: Word document with macros to download/install Hawkeye
- Any.run analysis: https://app.any.run/tasks/4b1ec911-bc03-42f5-a603-a1eb14dc190e
- CAPE sandbox: https://cape.contextis.com/analysis/42217/
- Reverse.it: https://www.reverse.it/sample/89dd3c4e53d7e282682edd11daa5cf58a0aa14291b1d59d0c47084c0ab58a19a

- SHA256 hash: 2b892fd9c94df58918d7463d75f45a04e384b0373aff4e3bc46bd78299a7c5b2
- File size: 1,064,448 bytes
- File location: hxxps://drvhk.net/rays.exe
- File location: C:\Users\[username]\AppData\Local\Temp\rays.exe
- File description: Hawkeye keylogger/info stealer
- Any.run analysis: https://app.any.run/tasks/1d1136e4-299a-4610-a073-00157217b5a4
- CAPE sandbox: https://cape.contextis.com/analysis/42189/
- Reverse.it: https://www.reverse.it/sample/2b892fd9c94df58918d7463d75f45a04e384b0373aff4e3bc46bd78299a7c5b2

INFECTION TRAFFIC:

- TCP port 80 - bot.whatismyipaddress[.]com - GET /
- TCP port 587 - smtp.yandex[.]com - Encrypted SMTP traffic