General

  • Target

    2c919dec833098049a7a8cfd0c450cf8_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240510-bcs1vahd61

  • MD5

    2c919dec833098049a7a8cfd0c450cf8

  • SHA1

    3d9ea583c354fb23cc8a20ef27672ebb15ddf7b8

  • SHA256

    02162e66736d7dede5ad647787622f441fa5c5595bd7229990b6f37f5a2dda5f

  • SHA512

    11719779c366076bdf2069990b3b19515b8d1f6aa2727bfb933603f5a2fc42bd3e0cf3672834c37d587bcd01e0509bee3ca6a081c84fc660a88e2c08d9632ed2

  • SSDEEP

    24576:N9lfviu36L2txT1AYRbb3LSj2r1Ofa1SIXBL+SH68HzlVu:NR6ypb3LnOC1SIRLW8RVu

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      2c919dec833098049a7a8cfd0c450cf8_JaffaCakes118

    • Size

      1.1MB

    • MD5

      2c919dec833098049a7a8cfd0c450cf8

    • SHA1

      3d9ea583c354fb23cc8a20ef27672ebb15ddf7b8

    • SHA256

      02162e66736d7dede5ad647787622f441fa5c5595bd7229990b6f37f5a2dda5f

    • SHA512

      11719779c366076bdf2069990b3b19515b8d1f6aa2727bfb933603f5a2fc42bd3e0cf3672834c37d587bcd01e0509bee3ca6a081c84fc660a88e2c08d9632ed2

    • SSDEEP

      24576:N9lfviu36L2txT1AYRbb3LSj2r1Ofa1SIXBL+SH68HzlVu:NR6ypb3LnOC1SIRLW8RVu

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks