General
-
Target
6f42a0a4f4c44c32c274c2383096d515_JaffaCakes118
-
Size
790KB
-
Sample
240401-l9x16sbf7z
-
MD5
6f42a0a4f4c44c32c274c2383096d515
-
SHA1
dcef833539c48b66f83c80c7f349bbbb16a057cd
-
SHA256
50acb0d9a9bc6cbca94b77ff490d5aff20c453b24c1fdd498a38a0878755d0bd
-
SHA512
87d1b426d2cfbdd609f4d8b2a4bd09ba2afeb101307e3a4dcc8fa9fa9bd1f0498a3ce5bedf50e2fb92c838b0e9a44624ca4d72b5f539cc10245cfedca04b3312
-
SSDEEP
12288:qUi2iN7WxGv2cEgBsSs4j9a1sEEWPPJK1i2RGPBaVj0FbJqzvH1i4QPuTfj+:qUi1SgPEg2j1HPBKnRq40EvHEvP4fj+
Static task
static1
Behavioral task
behavioral1
Sample
6f42a0a4f4c44c32c274c2383096d515_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-