General
-
Target
2b478db2af56153a2cee33f71213cc2f_JaffaCakes118
-
Size
753KB
-
Sample
240509-wz1pesbb39
-
MD5
2b478db2af56153a2cee33f71213cc2f
-
SHA1
bce28f5f6b310898c08413b94b4cdb2b15dce4b8
-
SHA256
934fa3c723ef0371168b39cec66e9f23297d9cd1d6eeae9db2b602044bfdfff1
-
SHA512
64ce4bb46478d21f225d22b8733efbf03d4e18093fe2692ed189060e46a3e3d92f77727699a9f5f09aeca9969229bc4bbac6a3f673680eac403101334517e019
-
SSDEEP
12288:xgB3AAoSMCDXZyPheGF/oP5mjp3kn4OuLh/7/pUwp/ihyvPRr:IqTeJ+heG9jpzOohz/CwBihc
Static task
static1
Behavioral task
behavioral1
Sample
2b478db2af56153a2cee33f71213cc2f_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
2b478db2af56153a2cee33f71213cc2f_JaffaCakes118
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-