General

  • Target

    1ff187482465cab97f45861705d4aea8_JaffaCakes118

  • Size

    750KB

  • Sample

    240507-jp6rgafe2t

  • MD5

    1ff187482465cab97f45861705d4aea8

  • SHA1

    014219f8768444e4a2c8bc0519c4869d4537f419

  • SHA256

    880a8e92a551eadbe2100603827a0f37146b7d8bd32dca0d571dd153b2b46e0d

  • SHA512

    647b687774cd9cf4a71605021e34d68972381d694405d358dc3627ef262bcabbb15f09da62503c548840c2bd423d7b1c2af50cfb800ee022f6ea91ed50cb16f1

  • SSDEEP

    12288:YhHe7H2bIKv7J4nDCrLuIeOgSkb94+NCjjq09eW3IKaIt1frZhAQap2svLxHw:++7H2FJucpeO3khc/IWIItN+v

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      1ff187482465cab97f45861705d4aea8_JaffaCakes118

    • Size

      750KB

    • MD5

      1ff187482465cab97f45861705d4aea8

    • SHA1

      014219f8768444e4a2c8bc0519c4869d4537f419

    • SHA256

      880a8e92a551eadbe2100603827a0f37146b7d8bd32dca0d571dd153b2b46e0d

    • SHA512

      647b687774cd9cf4a71605021e34d68972381d694405d358dc3627ef262bcabbb15f09da62503c548840c2bd423d7b1c2af50cfb800ee022f6ea91ed50cb16f1

    • SSDEEP

      12288:YhHe7H2bIKv7J4nDCrLuIeOgSkb94+NCjjq09eW3IKaIt1frZhAQap2svLxHw:++7H2FJucpeO3khc/IWIItN+v

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Nirsoft

    • Drops startup file

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks