General
-
Target
23e473332d88b997592273f52100dd71_JaffaCakes118
-
Size
1014KB
-
Sample
240508-jqhq2aac2v
-
MD5
23e473332d88b997592273f52100dd71
-
SHA1
632af0c3d2d79ce41172195bfe99c1e2aedbc1db
-
SHA256
4bb5700ff072f1d563a456b878481ba523cc45cd9517539dc2b640174727c9ec
-
SHA512
c6538d6a169d37b685e2ccb9f1deee365946735947b16576fb915b5988b1956da32298e641c8cf2c367813786c5e29730c83397ab0bcee9e7ba82a230e45eb5c
-
SSDEEP
12288:NDIWlcxVmnXbvMH4/pdcyd163+bX4v9Y/gM1oZPkYU7pMAlcZfj7g1P:NDIIXQuz1bIVYHYRQcZG
Static task
static1
Behavioral task
behavioral1
Sample
23e473332d88b997592273f52100dd71_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
23e473332d88b997592273f52100dd71_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
-
Target
23e473332d88b997592273f52100dd71_JaffaCakes118
-
Size
1014KB
-
MD5
23e473332d88b997592273f52100dd71
-
SHA1
632af0c3d2d79ce41172195bfe99c1e2aedbc1db
-
SHA256
4bb5700ff072f1d563a456b878481ba523cc45cd9517539dc2b640174727c9ec
-
SHA512
c6538d6a169d37b685e2ccb9f1deee365946735947b16576fb915b5988b1956da32298e641c8cf2c367813786c5e29730c83397ab0bcee9e7ba82a230e45eb5c
-
SSDEEP
12288:NDIWlcxVmnXbvMH4/pdcyd163+bX4v9Y/gM1oZPkYU7pMAlcZfj7g1P:NDIIXQuz1bIVYHYRQcZG
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-