General
-
Target
0ba173af7380bbe70d970caec82ffc36_JaffaCakes118
-
Size
2.2MB
-
Sample
240501-m6gepafe77
-
MD5
0ba173af7380bbe70d970caec82ffc36
-
SHA1
8d5e57a20617d338fdf05c7c6b69a974c6193418
-
SHA256
94d061976f1bfc6f56cfacec9e19a87e9e553fb2fd99f67900cf71a72d348a3b
-
SHA512
2f5e1ae195fb6ea6c99b9c21fc90bb9c68c551e215f7ecf0dd8ac3da615bb4562ed1de7b0dd96dcc828b980fd4a5e87a6559388ec1ee640c7f119177ad659a72
-
SSDEEP
24576:oAHnh+eWsN3skA4RV1Hom2KXMmHaMk672qqWe4SIftv7ULgPiyuooUv05:vh+ZkldoPK8YaM1S
Malware Config
Targets
-
-
Target
0ba173af7380bbe70d970caec82ffc36_JaffaCakes118
-
Size
2.2MB
-
MD5
0ba173af7380bbe70d970caec82ffc36
-
SHA1
8d5e57a20617d338fdf05c7c6b69a974c6193418
-
SHA256
94d061976f1bfc6f56cfacec9e19a87e9e553fb2fd99f67900cf71a72d348a3b
-
SHA512
2f5e1ae195fb6ea6c99b9c21fc90bb9c68c551e215f7ecf0dd8ac3da615bb4562ed1de7b0dd96dcc828b980fd4a5e87a6559388ec1ee640c7f119177ad659a72
-
SSDEEP
24576:oAHnh+eWsN3skA4RV1Hom2KXMmHaMk672qqWe4SIftv7ULgPiyuooUv05:vh+ZkldoPK8YaM1S
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-