General
-
Target
0bf39869b08ade7c8ed45ff5a26f70c4_JaffaCakes118
-
Size
951KB
-
Sample
240501-q4dgssac76
-
MD5
0bf39869b08ade7c8ed45ff5a26f70c4
-
SHA1
09ba2e264420ccd1cb0aae13501a7329c3493f54
-
SHA256
a9b7dbcbe943925db368bcc5c700d3f77dde99190780b94dc9f1439fe17a4bba
-
SHA512
4e17bfb64903b993f5aaa83ae844611566394a71596133d187ed2d38802b0c2d18781bbd6610f6628265ccc89fb1f4f69bae2a321048c38b104c1bab30259658
-
SSDEEP
24576:/lozTZfU0l3vcCbatx3vi9uPnl2NSBSynBG1ST:/lGzaT/iI4SBSynBV
Static task
static1
Behavioral task
behavioral1
Sample
0bf39869b08ade7c8ed45ff5a26f70c4_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
0bf39869b08ade7c8ed45ff5a26f70c4_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
Target
0bf39869b08ade7c8ed45ff5a26f70c4_JaffaCakes118
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Drops startup file
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-