General
-
Target
114f9255de59954ae627cc7bf2869cf9_JaffaCakes118
-
Size
772KB
-
Sample
240504-dg72nsbe5x
-
MD5
114f9255de59954ae627cc7bf2869cf9
-
SHA1
6d4f439a590083f4dc4bdcf25b1aae93fdde99e0
-
SHA256
08601dfa46006125bee6f0d7b3c8f18e824756992e2638872c7e8050d59686dd
-
SHA512
3fedb776d22a0fc626f35c6b12653083be52298765b97ecbb234b7c960440de7e808e6c15d5d8aff15148b1319781fdaafc717274e601cce02df8c0f2d5aa04d
-
SSDEEP
12288:HSQhQTLlzZqhpAS5Trl+AJe6h4jJejAyUgcD5yEq8Ojwlv:zutoheShg6h41vyUrqlW
Static task
static1
Behavioral task
behavioral1
Sample
114f9255de59954ae627cc7bf2869cf9_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
114f9255de59954ae627cc7bf2869cf9_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
hawkeye_reborn
Targets
-
-
Target
114f9255de59954ae627cc7bf2869cf9_JaffaCakes118
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-