General

  • Target

    0bf39869b08ade7c8ed45ff5a26f70c4_JaffaCakes118

  • Size

    951KB

  • Sample

    240501-q4dgssac76

  • MD5

    0bf39869b08ade7c8ed45ff5a26f70c4

  • SHA1

    09ba2e264420ccd1cb0aae13501a7329c3493f54

  • SHA256

    a9b7dbcbe943925db368bcc5c700d3f77dde99190780b94dc9f1439fe17a4bba

  • SHA512

    4e17bfb64903b993f5aaa83ae844611566394a71596133d187ed2d38802b0c2d18781bbd6610f6628265ccc89fb1f4f69bae2a321048c38b104c1bab30259658

  • SSDEEP

    24576:/lozTZfU0l3vcCbatx3vi9uPnl2NSBSynBG1ST:/lGzaT/iI4SBSynBV

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      0bf39869b08ade7c8ed45ff5a26f70c4_JaffaCakes118

    • Size

      951KB

    • MD5

      0bf39869b08ade7c8ed45ff5a26f70c4

    • SHA1

      09ba2e264420ccd1cb0aae13501a7329c3493f54

    • SHA256

      a9b7dbcbe943925db368bcc5c700d3f77dde99190780b94dc9f1439fe17a4bba

    • SHA512

      4e17bfb64903b993f5aaa83ae844611566394a71596133d187ed2d38802b0c2d18781bbd6610f6628265ccc89fb1f4f69bae2a321048c38b104c1bab30259658

    • SSDEEP

      24576:/lozTZfU0l3vcCbatx3vi9uPnl2NSBSynBG1ST:/lGzaT/iI4SBSynBV

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Drops startup file

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks