General
Target: 356198232be81a9e887eab01ad14d037_JaffaCakes118
Size: 1.3MB
Sample: 240511-tdsetaed7z
MD5: 356198232be81a9e887eab01ad14d037
SHA1: 06ead723b291a58715f5f08d3bfaa819030f5b36
SHA256: a5ce22e19a13b0ad26be00a9c005bbf8526d29a792045bfa6df15be0f2d7473f
SHA512: 012cc5f84c76d5781dd212bad743a39c45bda6898f3d8570c4dd18c222f846423ee8137b57388d16ac8b02fc997d7954fc8b2e2fc1b426f42eae7b2e83a861a0
SSDEEP: 24576:dU19yeKj7FhmK3qAU6Dd8vI7ZwRyuESqe9hLXIvwzMfpb5J2ArU9dIytJH8mnK3F:t
Static task: static1
Behavioral task: behavioral1
  Sample: 356198232be81a9e887eab01ad14d037_JaffaCakes118.rtf
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 356198232be81a9e887eab01ad14d037_JaffaCakes118.rtf
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 356198232be81a9e887eab01ad14d037_JaffaCakes118, 1.3MB (same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
Signatures
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro. Here the sample is an RTF document, so the parent is the Office application that rendered it; since the RTF format does not carry VBA macros, an exploit or an embedded object is the likelier route to code execution.
- NirSoft MailPassView: password recovery tool for various email clients.
- NirSoft WebBrowserPassView: password recovery tool for various web browsers.
- Nirsoft: generic NirSoft tooling detected. These are legitimate utilities, but bundled into a dropped payload they serve as the credential-harvesting component of a stealer; saved mail and browser credentials on an infected host should be treated as compromised.
- Executes dropped EXE.
- Loads dropped DLL.
- Uses the VBS compiler for execution: the Visual Basic compiler vbc.exe, which ships with the .NET Framework, is a signed Microsoft binary that malware commonly starts only to inject its payload into it.
- Accesses Microsoft Outlook accounts: reads stored Outlook account and profile data, the source of the mail credentials harvested by the tools above.
- Drops desktop.ini file(s).
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, typically so exfiltrated data can be tagged with the victim's public address.
- Suspicious use of SetThreadContext: SetThreadContext redirects the entry point of a suspended thread and is the step that completes process hollowing or thread hijacking; combined with the compiler launch it is consistent with the payload running inside an injected host process.
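The behaviours in this report map directly onto host-based detections. The following is an added example, not part of the sandbox report or its tooling: a small Python detector run over constructed Sysmon-style process, network and registry events. The event schema, rule names, allow-lists, IP-lookup domains and sample paths are assumptions chosen to illustrate the chain (Office parent spawning a dropped executable, a .NET compiler started as payload host, an external IP lookup, and a read of Outlook profile data), not telemetry from this run.

```python
"""Host-based detections for the behaviours in this report, run over constructed
Sysmon-style events. Added example: the event schema, rule names, and sample
paths are assumptions, not telemetry from the sandbox run."""
from dataclasses import dataclass
from typing import List, Tuple

# Office applications that render RTF; any child they spawn outside the
# expected set is treated as a sign of exploit- or macro-driven execution.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "wordpad.exe"}
OFFICE_EXPECTED_CHILDREN = {"splwow64.exe", "outlook.exe", "werfault.exe", "dwwin.exe"}

# Signed .NET compiler/utility binaries commonly used as hosts for injected payloads.
HOLLOWING_HOSTS = {"vbc.exe", "csc.exe", "regasm.exe", "regsvcs.exe", "msbuild.exe", "installutil.exe"}
COMPILER_EXPECTED_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}

# Legitimate "what is my IP" services abused to tag exfiltrated data (assumed list).
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "checkip.amazonaws.com",
                   "ipinfo.io", "icanhazip.com", "ip-api.com"}

# Registry locations holding Outlook profiles/accounts (lower-cased substrings).
OUTLOOK_PROFILE_MARKERS = ("\\outlook\\profiles", "\\windows messaging subsystem\\profiles")


@dataclass
class Event:
    kind: str           # "process", "network" or "registry"
    image: str          # full path of the acting process
    parent: str = ""    # parent image path (process events only)
    target: str = ""    # destination host (network) or registry key (registry)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events: List[Event]) -> List[Tuple[str, str]]:
    """Return (rule_name, detail) pairs for every event that matches a rule."""
    hits: List[Tuple[str, str]] = []
    for ev in events:
        img, par = _basename(ev.image), _basename(ev.parent)
        if ev.kind == "process":
            if par in OFFICE_PARENTS and img not in OFFICE_EXPECTED_CHILDREN:
                hits.append(("office_unexpected_child", f"{par} -> {img}"))
            if img in HOLLOWING_HOSTS and par not in COMPILER_EXPECTED_PARENTS:
                hits.append(("compiler_as_payload_host", f"{par} -> {img}"))
        elif ev.kind == "network" and ev.target.lower() in IP_LOOKUP_HOSTS:
            hits.append(("external_ip_lookup", f"{img} -> {ev.target}"))
        elif ev.kind == "registry" and img != "outlook.exe":
            key = ev.target.lower()
            if any(marker in key for marker in OUTLOOK_PROFILE_MARKERS):
                hits.append(("outlook_profile_access", f"{img} -> {ev.target}"))
    return hits


# Constructed event chain mirroring the report's signatures (not sandbox output).
SAMPLE_EVENTS = [
    Event("process", image=r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
          parent=r"C:\Windows\explorer.exe"),
    Event("process", image=r"C:\Users\Admin\AppData\Roaming\update.exe",
          parent=r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"),
    Event("process", image=r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
          parent=r"C:\Users\Admin\AppData\Roaming\update.exe"),
    Event("network", image=r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
          target="checkip.dyndns.org"),
    Event("registry", image=r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
          target=r"HKCU\Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook"),
    # Benign controls: a real build and ordinary browsing produce no hits.
    Event("process", image=r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
          parent=r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"),
    Event("network", image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          target="www.example.com"),
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:26} {detail}")
```

The rules are deliberately chained rather than isolated: an Office parent spawning something outside its allow-list, a compiler started by anything other than build tooling, and a non-Outlook process reading Outlook profile keys each fire on their own, but the same process name threading through all four hits is what turns a handful of medium-confidence alerts into a clear stealer infection. Tune the allow-lists to the environment before deploying; plotter and printer helpers, add-ins and legitimate build agents are the usual false-positive sources.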