General

  • Target

    3c0cc61d633c30764694e7eb94eaefdf_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240512-ztxx5aff3s

  • MD5

    3c0cc61d633c30764694e7eb94eaefdf

  • SHA1

    0e15ebfcff38788c4202528caf66ff108732beb5

  • SHA256

    143d72715962168a2f4a7a0a89ec9a9f8cca38adcb02bff7ce612e134d96212e

  • SHA512

    a7771e5786424d72e522f4bf939823fa5821f263d9927cf0ba610d33fb95666d55bbaa93354c4e2f5d566cbaa821b35f5afd277da1c7604486187fe1285e64cb

  • SSDEEP

    24576:XeQGdgZ+IlLVgKfLiVu3lJ9NCjfC+7cXeeUpHzlt:uLdwzVgKfGCNCe+gXGRt

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      3c0cc61d633c30764694e7eb94eaefdf_JaffaCakes118

    • Size

      1.1MB

    • MD5

      3c0cc61d633c30764694e7eb94eaefdf

    • SHA1

      0e15ebfcff38788c4202528caf66ff108732beb5

    • SHA256

      143d72715962168a2f4a7a0a89ec9a9f8cca38adcb02bff7ce612e134d96212e

    • SHA512

      a7771e5786424d72e522f4bf939823fa5821f263d9927cf0ba610d33fb95666d55bbaa93354c4e2f5d566cbaa821b35f5afd277da1c7604486187fe1285e64cb

    • SSDEEP

      24576:XeQGdgZ+IlLVgKfLiVu3lJ9NCjfC+7cXeeUpHzlt:uLdwzVgKfGCNCe+gXGRt

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks