General
-
Target
3211d96fc77df555fdfb01c88d15e59b_JaffaCakes118
-
Size
767KB
-
Sample
240511-b18q7sea3v
-
MD5
3211d96fc77df555fdfb01c88d15e59b
-
SHA1
9622c5537f700dcb04eb59c2ec9e26b2cf6faa13
-
SHA256
e3f0781c31864934858d6981b799b707040a45d62486a3d14be8c73ee40110a2
-
SHA512
d815d1d66b57db2ceee1bc95885128c08c13a309420d81b6d083c5c8882fc2e758efed68dd3b197ab9c5f0a6cbcab0179c38c01cd484f7b5f4b77d695fe29d78
-
SSDEEP
12288:0wghXh7rpc5vWCvshlCGgm1jlFBYxdRicT2K/Selxq0KG+7mNQOSMVKAV4mfy:tSx7NcbC5lkEcqBJG+76VKABy
Static task
static1
Behavioral task
behavioral1
Sample
3211d96fc77df555fdfb01c88d15e59b_JaffaCakes118.exe
Resource
win7-20231129-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
NirSoft
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-