General

  • Target

    36db1e26a1a79efc953e56ab8f4956c4_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240511-2a95fsbh5w

  • MD5

    36db1e26a1a79efc953e56ab8f4956c4

  • SHA1

    09f7a2f2148b5be0c96fc43928751ebd9deee935

  • SHA256

    ea927b1ad0a23078d15f4789b2e2dc4956315725538b2e52410b5b3e1f4a1b33

  • SHA512

    fadd5f519c245a8bb7594c297123ec10d30ded76f8fedc90525d7eadf0a7d2db7bba9d221b8f11847abb82a59d25300965a5709ea6ed074e303812153abcb2ab

  • SSDEEP

    12288:YhAI2pfi6HXuWSuACYMS0OHDYG7sYoH5trz7jhzunzYmAi1zWlY+oMk+y3NhyO6:YhjAK6HzSN/MS0tZJ66

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      36db1e26a1a79efc953e56ab8f4956c4_JaffaCakes118

    • Size

      1.1MB

    • MD5

      36db1e26a1a79efc953e56ab8f4956c4

    • SHA1

      09f7a2f2148b5be0c96fc43928751ebd9deee935

    • SHA256

      ea927b1ad0a23078d15f4789b2e2dc4956315725538b2e52410b5b3e1f4a1b33

    • SHA512

      fadd5f519c245a8bb7594c297123ec10d30ded76f8fedc90525d7eadf0a7d2db7bba9d221b8f11847abb82a59d25300965a5709ea6ed074e303812153abcb2ab

    • SSDEEP

      12288:YhAI2pfi6HXuWSuACYMS0OHDYG7sYoH5trz7jhzunzYmAi1zWlY+oMk+y3NhyO6:YhjAK6HzSN/MS0tZJ66

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Sets file execution options in registry

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks