General
-
Target
2474d228dd56d4f2e2998c51c01a677e_JaffaCakes118
-
Size
949KB
-
Sample
240508-mpe6asgc7w
-
MD5
2474d228dd56d4f2e2998c51c01a677e
-
SHA1
80d9139b2346234e11e89963e24c070029aa8ea2
-
SHA256
068d2f2923daf2dc3218a6c0caffab5880e3de0a76605794d47cad04b0a76805
-
SHA512
684e6e7bb35ed413cae007ce97484db7065834d2a9d89b46cfc211c0d06b3f810547bb5f308501c01ae7b6760554039e06c288dde3731db8d7536ea0ec3ccb4a
-
SSDEEP
24576:Io/1hsjCO3mFQSWhq0ddip3wQtRZdAWFd6xc0Zg7iq:z1hxO37s0fYntiWFd66Gg7iq
Malware Config
Targets
-
-
Target
2474d228dd56d4f2e2998c51c01a677e_JaffaCakes118
-
Size
949KB
-
MD5
2474d228dd56d4f2e2998c51c01a677e
-
SHA1
80d9139b2346234e11e89963e24c070029aa8ea2
-
SHA256
068d2f2923daf2dc3218a6c0caffab5880e3de0a76605794d47cad04b0a76805
-
SHA512
684e6e7bb35ed413cae007ce97484db7065834d2a9d89b46cfc211c0d06b3f810547bb5f308501c01ae7b6760554039e06c288dde3731db8d7536ea0ec3ccb4a
-
SSDEEP
24576:Io/1hsjCO3mFQSWhq0ddip3wQtRZdAWFd6xc0Zg7iq:z1hxO37s0fYntiWFd66Gg7iq
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-