General
- Target: 3a4b5669a9bf7c169b932ddbff33b59d_JaffaCakes118
- Size: 781KB
- Sample: 240512-qhmtcagb7y
- MD5: 3a4b5669a9bf7c169b932ddbff33b59d
- SHA1: 2fa1301131d575ab034495a743df5e58b4aea00c
- SHA256: 750a251b2cb599537856bfd91bb2249407dca68f0f77b4d8d5f6fa6950630000
- SHA512: 506d252430c5c4424caae0215e01c662c9c12f682333f407477beb21cbcf2d009811e4edab011d8a3aeb1331ee317858a0d3d51baa055fec49a4e619ea95ade1
- SSDEEP: 12288:D9bqQOGV1JbIL9YZ0k8vOkkP3qgV/l6TbKA4BRAiPrcG3bSw8:Jqtos9Yuk8vyPMqLCiPwA+w8
Static task: static1
Behavioral task: behavioral1
- Sample: 3a4b5669a9bf7c169b932ddbff33b59d_JaffaCakes118.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 3a4b5669a9bf7c169b932ddbff33b59d_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted
hawkeye_reborn
Extracted
- Protocol: smtp
- Host: SMTP.zoho.com
- Port: 587
- Username: [email protected]
- Password: Tunde1992$$
Targets
- HawkEye Reborn: HawkEye Reborn is an enhanced version of the HawkEye malware kit.
- M00nd3v_Logger: M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
- NirSoft MailPassView: Password recovery tool for various email clients.
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers.
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Suspicious use of SetThreadContext