General

  • Target

    23e473332d88b997592273f52100dd71_JaffaCakes118

  • Size

    1014KB

  • Sample

    240508-jqhq2aac2v

  • MD5

    23e473332d88b997592273f52100dd71

  • SHA1

    632af0c3d2d79ce41172195bfe99c1e2aedbc1db

  • SHA256

    4bb5700ff072f1d563a456b878481ba523cc45cd9517539dc2b640174727c9ec

  • SHA512

    c6538d6a169d37b685e2ccb9f1deee365946735947b16576fb915b5988b1956da32298e641c8cf2c367813786c5e29730c83397ab0bcee9e7ba82a230e45eb5c

  • SSDEEP

    12288:NDIWlcxVmnXbvMH4/pdcyd163+bX4v9Y/gM1oZPkYU7pMAlcZfj7g1P:NDIIXQuz1bIVYHYRQcZG

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      23e473332d88b997592273f52100dd71_JaffaCakes118

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Nirsoft

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks