Extracted

• • Target

    136c89acfb542963a9dc99a265c08ee4_JaffaCakes118

  • Size

    502KB

  • MD5

    136c89acfb542963a9dc99a265c08ee4

  • SHA1

    4364791f14242e2447be844a0fbf9c5b8bbed21b

  • SHA256

    422931202dfa4214ad564a05b02b589ab3caeaa343352d4d99c03926918bcd12

  • SHA512

    16ceff38dfb2fe45f03f44000e97f2eafecf18df1ccdd15974e867cffad8ae58e0cab82e05525b73af76b1d1117f7a4ff9882e0d316b08b20759ebe2c6247405

  • SSDEEP

    6144:2bS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9nHP:2QtqB5urTIoYWBQk1E+VF9mOx9v

  Score

  10^/10

  hawkeyecollectionkeyloggerspywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2