General
-
Target
56e4cedb683a9d1c2b482de3d06d9c09_JaffaCakes118
-
Size
1.0MB
-
Sample
240518-1ctptagf5s
-
MD5
56e4cedb683a9d1c2b482de3d06d9c09
-
SHA1
124e7d162912def22d98975df2f0186b5b4af207
-
SHA256
88b19a54e96629881f26ac18f867e1452d76ea240d1aaf6dd9a31c49a75e1a4c
-
SHA512
2325ecfc44d3317c949c568d7f755064e074b11573a366cfc15a35ca9ecaf5c22de6ee104f3f41e86ffee0fae2473948a2ac1b993cb89872024307eeabc49a48
-
SSDEEP
24576:bImhov8yv3Xkl4LhiRNJw4RBzjLIHVnVtH:Lov8yv/did37vuNH
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
crissunslogs@gmail.com - Password:
samsung05@@@
Targets
-
-
Target
56e4cedb683a9d1c2b482de3d06d9c09_JaffaCakes118
-
Size
1.0MB
-
MD5
56e4cedb683a9d1c2b482de3d06d9c09
-
SHA1
124e7d162912def22d98975df2f0186b5b4af207
-
SHA256
88b19a54e96629881f26ac18f867e1452d76ea240d1aaf6dd9a31c49a75e1a4c
-
SHA512
2325ecfc44d3317c949c568d7f755064e074b11573a366cfc15a35ca9ecaf5c22de6ee104f3f41e86ffee0fae2473948a2ac1b993cb89872024307eeabc49a48
-
SSDEEP
24576:bImhov8yv3Xkl4LhiRNJw4RBzjLIHVnVtH:Lov8yv/did37vuNH
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-