General
-
Target
1ff187482465cab97f45861705d4aea8_JaffaCakes118
-
Size
750KB
-
Sample
240507-jp6rgafe2t
-
MD5
1ff187482465cab97f45861705d4aea8
-
SHA1
014219f8768444e4a2c8bc0519c4869d4537f419
-
SHA256
880a8e92a551eadbe2100603827a0f37146b7d8bd32dca0d571dd153b2b46e0d
-
SHA512
647b687774cd9cf4a71605021e34d68972381d694405d358dc3627ef262bcabbb15f09da62503c548840c2bd423d7b1c2af50cfb800ee022f6ea91ed50cb16f1
-
SSDEEP
12288:YhHe7H2bIKv7J4nDCrLuIeOgSkb94+NCjjq09eW3IKaIt1frZhAQap2svLxHw:++7H2FJucpeO3khc/IWIItN+v
Static task
static1
Behavioral task
behavioral1
Sample
1ff187482465cab97f45861705d4aea8_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1ff187482465cab97f45861705d4aea8_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
-
Target
1ff187482465cab97f45861705d4aea8_JaffaCakes118
-
Size
750KB
-
MD5
1ff187482465cab97f45861705d4aea8
-
SHA1
014219f8768444e4a2c8bc0519c4869d4537f419
-
SHA256
880a8e92a551eadbe2100603827a0f37146b7d8bd32dca0d571dd153b2b46e0d
-
SHA512
647b687774cd9cf4a71605021e34d68972381d694405d358dc3627ef262bcabbb15f09da62503c548840c2bd423d7b1c2af50cfb800ee022f6ea91ed50cb16f1
-
SSDEEP
12288:YhHe7H2bIKv7J4nDCrLuIeOgSkb94+NCjjq09eW3IKaIt1frZhAQap2svLxHw:++7H2FJucpeO3khc/IWIItN+v
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Drops startup file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-