General

  • Target

    114f9255de59954ae627cc7bf2869cf9_JaffaCakes118

  • Size

    772KB

  • Sample

    240504-dg72nsbe5x

  • MD5

    114f9255de59954ae627cc7bf2869cf9

  • SHA1

    6d4f439a590083f4dc4bdcf25b1aae93fdde99e0

  • SHA256

    08601dfa46006125bee6f0d7b3c8f18e824756992e2638872c7e8050d59686dd

  • SHA512

    3fedb776d22a0fc626f35c6b12653083be52298765b97ecbb234b7c960440de7e808e6c15d5d8aff15148b1319781fdaafc717274e601cce02df8c0f2d5aa04d

  • SSDEEP

    12288:HSQhQTLlzZqhpAS5Trl+AJe6h4jJejAyUgcD5yEq8Ojwlv:zutoheShg6h41vyUrqlW

Malware Config

Extracted

Family

hawkeye_reborn

Targets

    • Target

      114f9255de59954ae627cc7bf2869cf9_JaffaCakes118

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
