General

  • Target

    309ad47536511a54f2ca61816eecf482_JaffaCakes118

  • Size

    774KB

  • Sample

    240510-xwdadscg2t

  • MD5

    309ad47536511a54f2ca61816eecf482

  • SHA1

    318855d6892631d44824f5d14361f0390c37b409

  • SHA256

    34dd58676093cd5f4106acfd008f9c440829d79ce8f59e16c2986f2eb2b70b81

  • SHA512

    5ff5728b580ac6408380fafc5b32c73e14497a1c86f8da8cb9f597b154015d22a446738ddc6d06fa8f569bc03d6af7d8b32dd829cd1c94d0140e11624a272343

  • SSDEEP

    24576:bys282bWFKKt/+D0KeYQVvJOSSL6HGlDVpFrCRAKY:s8UWFz/dKeYQ9gSSLoGVF2Rc

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      309ad47536511a54f2ca61816eecf482_JaffaCakes118

    • Size

      774KB

    • MD5

      309ad47536511a54f2ca61816eecf482

    • SHA1

      318855d6892631d44824f5d14361f0390c37b409

    • SHA256

      34dd58676093cd5f4106acfd008f9c440829d79ce8f59e16c2986f2eb2b70b81

    • SHA512

      5ff5728b580ac6408380fafc5b32c73e14497a1c86f8da8cb9f597b154015d22a446738ddc6d06fa8f569bc03d6af7d8b32dd829cd1c94d0140e11624a272343

    • SSDEEP

      24576:bys282bWFKKt/+D0KeYQVvJOSSL6HGlDVpFrCRAKY:s8UWFz/dKeYQ9gSSLoGVF2Rc

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks