General
Target: 55a1fb469efa963549e59c7a0eff67f4_JaffaCakes118
Size: 787KB
Sample: 240518-tp7c4sca72
MD5: 55a1fb469efa963549e59c7a0eff67f4
SHA1: 0d6e042c881615a6889f0b03575be5b757f2915e
SHA256: 7e15ae3b4ea92d200cbe0493b8c8a9a2daa4925a790fd870987acaa58b58f3a4
SHA512: 86034981fdd4daa512b175a00340221aeb878ddd02fe7740d1b859eeb0d3fc424ab088087d596cce74630996b694d2ad46af93cbf18b10731cbf89ce388b55e3
SSDEEP: 24576:FF3OOySsMzc98q9OxDA40AdIifvxkzMVegv0sTtlVj:FF3zyFD79sAdgFnxkcntvj

Static task: static1
Behavioral task: behavioral1
  Sample: DHL DELIVERY NOTIFICATIONS_PDF.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: DHL DELIVERY NOTIFICATIONS_PDF.exe
  Resource: win10v2004-20240508-en

Malware Config
Extracted: hawkeye_reborn
  fields:
  name:

Targets
Target: DHL DELIVERY NOTIFICATIONS_PDF.exe
Size: 1.2MB
MD5: db6402598c61afc744302ddee3709138
SHA1: 19b9742924e8d6d648fb9a83cf51302a5558b4bb
SHA256: 525fb87d7847f492ee968f742edba531d80ea6c877afe7e0b8e36a69203a1df3
SHA512: 5e3085aef1725770ca24d484025dac7d0136b6c61f819a9a1bf794a4b76e2f405480e66a0ca416dee12ceb90ba481030ce0b3f83c6f07bd07e5e7224d6ac988d
SSDEEP: 12288:FZGWfYACds2n3WLm7rT6mHgTBBEYKRCaavcf0C90ebshTd+doVDTniKmxCyWrDwT:LmPdsKPHwBDKnaC9kDifxEPXWxDCST

HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
NirSoft MailPassView
  Password recovery tool for various email clients.
NirSoft WebBrowserPassView
  Password recovery tool for various web browsers.
Nirsoft
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext