General
-
Target
36db1e26a1a79efc953e56ab8f4956c4_JaffaCakes118
-
Size
1.1MB
-
Sample
240511-2a95fsbh5w
-
MD5
36db1e26a1a79efc953e56ab8f4956c4
-
SHA1
09f7a2f2148b5be0c96fc43928751ebd9deee935
-
SHA256
ea927b1ad0a23078d15f4789b2e2dc4956315725538b2e52410b5b3e1f4a1b33
-
SHA512
fadd5f519c245a8bb7594c297123ec10d30ded76f8fedc90525d7eadf0a7d2db7bba9d221b8f11847abb82a59d25300965a5709ea6ed074e303812153abcb2ab
-
SSDEEP
12288:YhAI2pfi6HXuWSuACYMS0OHDYG7sYoH5trz7jhzunzYmAi1zWlY+oMk+y3NhyO6:YhjAK6HzSN/MS0tZJ66
Static task
static1
Behavioral task
behavioral1
Sample
36db1e26a1a79efc953e56ab8f4956c4_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
36db1e26a1a79efc953e56ab8f4956c4_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
-
Target
36db1e26a1a79efc953e56ab8f4956c4_JaffaCakes118
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Sets file execution options in registry
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-