General

  • Target

    2b478db2af56153a2cee33f71213cc2f_JaffaCakes118

  • Size

    753KB

  • Sample

    240509-wz1pesbb39

  • MD5

    2b478db2af56153a2cee33f71213cc2f

  • SHA1

    bce28f5f6b310898c08413b94b4cdb2b15dce4b8

  • SHA256

    934fa3c723ef0371168b39cec66e9f23297d9cd1d6eeae9db2b602044bfdfff1

  • SHA512

    64ce4bb46478d21f225d22b8733efbf03d4e18093fe2692ed189060e46a3e3d92f77727699a9f5f09aeca9969229bc4bbac6a3f673680eac403101334517e019

  • SSDEEP

    12288:xgB3AAoSMCDXZyPheGF/oP5mjp3kn4OuLh/7/pUwp/ihyvPRr:IqTeJ+heG9jpzOohz/CwBihc

Malware Config

Targets

    • Target

      2b478db2af56153a2cee33f71213cc2f_JaffaCakes118

    • Size

      753KB

    • MD5

      2b478db2af56153a2cee33f71213cc2f

    • SHA1

      bce28f5f6b310898c08413b94b4cdb2b15dce4b8

    • SHA256

      934fa3c723ef0371168b39cec66e9f23297d9cd1d6eeae9db2b602044bfdfff1

    • SHA512

      64ce4bb46478d21f225d22b8733efbf03d4e18093fe2692ed189060e46a3e3d92f77727699a9f5f09aeca9969229bc4bbac6a3f673680eac403101334517e019

    • SSDEEP

      12288:xgB3AAoSMCDXZyPheGF/oP5mjp3kn4OuLh/7/pUwp/ihyvPRr:IqTeJ+heG9jpzOohz/CwBihc

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks