General
-
Target
2c919dec833098049a7a8cfd0c450cf8_JaffaCakes118
-
Size
1.1MB
-
Sample
240510-bcs1vahd61
-
MD5
2c919dec833098049a7a8cfd0c450cf8
-
SHA1
3d9ea583c354fb23cc8a20ef27672ebb15ddf7b8
-
SHA256
02162e66736d7dede5ad647787622f441fa5c5595bd7229990b6f37f5a2dda5f
-
SHA512
11719779c366076bdf2069990b3b19515b8d1f6aa2727bfb933603f5a2fc42bd3e0cf3672834c37d587bcd01e0509bee3ca6a081c84fc660a88e2c08d9632ed2
-
SSDEEP
24576:N9lfviu36L2txT1AYRbb3LSj2r1Ofa1SIXBL+SH68HzlVu:NR6ypb3LnOC1SIRLW8RVu
Static task
static1
Behavioral task
behavioral1
Sample
2c919dec833098049a7a8cfd0c450cf8_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2c919dec833098049a7a8cfd0c450cf8_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
-
Target
2c919dec833098049a7a8cfd0c450cf8_JaffaCakes118
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-