Extracted

Extracted

• • Target

    4245f76471e5837dd3323e07bf7e6bda_JaffaCakes118

  • Size

    736KB

  • MD5

    4245f76471e5837dd3323e07bf7e6bda

  • SHA1

    2ec34da792c51acc16efb2e618e13e361a8866ed

  • SHA256

    ed1bc0cf788dac18aeaf4cc9fb125b9721931e4f0b7fde56ef08993ad975fb1a

  • SHA512

    83eac9a8e46257d7432a8c5df3befcabded63f9061879e8bd76efe497c48f7453124b6c6495afebb7f93784cbdfc283053a7a815ba8957f04ba486b35d7d9de6

  • SSDEEP

    12288:UfHjv8bKWzon9/eltgjq77hrkY8PJgRfLuQrXhspyPn3zaJV:UYzz+St0q77hrIJErXhsADa

  Score

  10^/10

  hawkeye_rebornm00nd3v_loggerzgratagilenetcollectioninfostealerkeyloggerpersistenceratspywarestealertrojan

  • Detect ZGRat V1

  • HawkEye Reborn

    HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    keyloggertrojanstealerspywarehawkeye_reborn

  • M00nd3v_Logger

    M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    stealerspywarem00nd3v_logger

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • M00nD3v Logger payload

    Detects M00nD3v Logger payload in memory.

    infostealer

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Sets file execution options in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2