General

  • Target

    24eca305562ce8bd4f36ac89298175d6_JaffaCakes118

  • Size

    552KB

  • Sample

    240508-p4l89sfh62

  • MD5

    24eca305562ce8bd4f36ac89298175d6

  • SHA1

    52526f5c8d2e21c7e7bd1d914bf1fbf11ed88357

  • SHA256

    384e6e90221ab95f95634da7b74e83cc7f8cff13583b50781a08fe3149273b10

  • SHA512

    dd246df54817d47bd6bdcdaaeae708c9a40f252a350f27932f45c72f8db225baef02bd771835cbf41e4609c78bd4db323eca25e670d3264f335ebe608abe40d7

  • SSDEEP

    12288:E9rD+H23OO3n/LpPxM35B9qgObN8F6qlfNUqIFzGRIF6nj1K20XdDixi8B7xDFCs:CrDF3ln/Llib0J2

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      24eca305562ce8bd4f36ac89298175d6_JaffaCakes118

    • Size

      552KB

    • MD5

      24eca305562ce8bd4f36ac89298175d6

    • SHA1

      52526f5c8d2e21c7e7bd1d914bf1fbf11ed88357

    • SHA256

      384e6e90221ab95f95634da7b74e83cc7f8cff13583b50781a08fe3149273b10

    • SHA512

      dd246df54817d47bd6bdcdaaeae708c9a40f252a350f27932f45c72f8db225baef02bd771835cbf41e4609c78bd4db323eca25e670d3264f335ebe608abe40d7

    • SSDEEP

      12288:E9rD+H23OO3n/LpPxM35B9qgObN8F6qlfNUqIFzGRIF6nj1K20XdDixi8B7xDFCs:CrDF3ln/Llib0J2

    Score
    9/10
    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks