General
Target: 3c0cc61d633c30764694e7eb94eaefdf_JaffaCakes118
Size: 1.1MB
Sample: 240512-ztxx5aff3s
MD5: 3c0cc61d633c30764694e7eb94eaefdf
SHA1: 0e15ebfcff38788c4202528caf66ff108732beb5
SHA256: 143d72715962168a2f4a7a0a89ec9a9f8cca38adcb02bff7ce612e134d96212e
SHA512: a7771e5786424d72e522f4bf939823fa5821f263d9927cf0ba610d33fb95666d55bbaa93354c4e2f5d566cbaa821b35f5afd277da1c7604486187fe1285e64cb
SSDEEP: 24576:XeQGdgZ+IlLVgKfLiVu3lJ9NCjfC+7cXeeUpHzlt:uLdwzVgKfGCNCe+gXGRt
Static task: static1
Behavioral task: behavioral1
Sample: 3c0cc61d633c30764694e7eb94eaefdf_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 3c0cc61d633c30764694e7eb94eaefdf_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.

M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext