General

  • Target

    55a1fb469efa963549e59c7a0eff67f4_JaffaCakes118

  • Size

    787KB

  • Sample

    240518-tp7c4sca72

  • MD5

    55a1fb469efa963549e59c7a0eff67f4

  • SHA1

    0d6e042c881615a6889f0b03575be5b757f2915e

  • SHA256

    7e15ae3b4ea92d200cbe0493b8c8a9a2daa4925a790fd870987acaa58b58f3a4

  • SHA512

    86034981fdd4daa512b175a00340221aeb878ddd02fe7740d1b859eeb0d3fc424ab088087d596cce74630996b694d2ad46af93cbf18b10731cbf89ce388b55e3

  • SSDEEP

    24576:FF3OOySsMzc98q9OxDA40AdIifvxkzMVegv0sTtlVj:FF3zyFD79sAdgFnxkcntvj

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      DHL DELIVERY NOTIFICATIONS_PDF.exe

    • Size

      1.2MB

    • MD5

      db6402598c61afc744302ddee3709138

    • SHA1

      19b9742924e8d6d648fb9a83cf51302a5558b4bb

    • SHA256

      525fb87d7847f492ee968f742edba531d80ea6c877afe7e0b8e36a69203a1df3

    • SHA512

      5e3085aef1725770ca24d484025dac7d0136b6c61f819a9a1bf794a4b76e2f405480e66a0ca416dee12ceb90ba481030ce0b3f83c6f07bd07e5e7224d6ac988d

    • SSDEEP

      12288:FZGWfYACds2n3WLm7rT6mHgTBBEYKRCaavcf0C90ebshTd+doVDTniKmxCyWrDwT:LmPdsKPHwBDKnaC9kDifxEPXWxDCST

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients. The utility itself is legitimate, but HawkEye-family stealers bundle it to dump saved mail credentials from the victim.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers. Same pattern: a legitimate tool abused to harvest stored browser logins.

    • Nirsoft

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state, including its instruction pointer. Outside of debuggers this is a common step in process hollowing and other code-injection techniques, consistent with the in-memory payload detections above.
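The digests in the General and Targets sections are the practical hand-off from this report: before trusting any further analysis, confirm that the file in hand is the same bytes the sandbox ran. The script below is an added example, not part of the sandbox report; it copies the MD5/SHA1/SHA256/SHA512 values printed above for the submitted sample and for the extracted DHL-themed executable, hashes a local file in chunks, and only reports a match when every listed algorithm agrees. The file path on the command line is an assumption for illustration.

```python
"""Verify a local sample against the digests listed in this report.

Added example (not the sandbox's code). The IOC values are copied from
the report above; the command-line file path is an assumed usage.
"""
import hashlib
import sys

# Digests copied from the report: the submitted file and the extracted
# DHL-themed dropper it carried.
REPORT_IOCS = {
    "55a1fb469efa963549e59c7a0eff67f4_JaffaCakes118": {
        "md5": "55a1fb469efa963549e59c7a0eff67f4",
        "sha1": "0d6e042c881615a6889f0b03575be5b757f2915e",
        "sha256": "7e15ae3b4ea92d200cbe0493b8c8a9a2daa4925a790fd870987acaa58b58f3a4",
        "sha512": "86034981fdd4daa512b175a00340221aeb878ddd02fe7740d1b859eeb0d3fc42"
                  "4ab088087d596cce74630996b694d2ad46af93cbf18b10731cbf89ce388b55e3",
    },
    "DHL DELIVERY NOTIFICATIONS_PDF.exe": {
        "md5": "db6402598c61afc744302ddee3709138",
        "sha1": "19b9742924e8d6d648fb9a83cf51302a5558b4bb",
        "sha256": "525fb87d7847f492ee968f742edba531d80ea6c877afe7e0b8e36a69203a1df3",
        "sha512": "5e3085aef1725770ca24d484025dac7d0136b6c61f819a9a1bf794a4b76e2f40"
                  "5480e66a0ca416dee12ceb90ba481030ce0b3f83c6f07bd07e5e7224d6ac988d",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Return lowercase hex digests of `data` for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so a large sample never has to fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(file_digests: dict, iocs: dict = REPORT_IOCS) -> list:
    """Names of report entries whose digests all agree with `file_digests`.

    Every algorithm present in the IOC entry is compared; one disagreement
    rules the entry out, so a colliding or mistyped MD5 alone cannot
    produce a false match.
    """
    matches = []
    for name, expected in iocs.items():
        if all(file_digests.get(alg) == value.lower() for alg, value in expected.items()):
            matches.append(name)
    return matches


if __name__ == "__main__":
    # Assumed usage: python verify_sample.py <file> [<file> ...]
    for arg in sys.argv[1:]:
        found = digests_of_file(arg)
        hits = match_iocs(found)
        print(f"{arg}: sha256={found['sha256']}")
        print("  matches report entry:", ", ".join(hits) if hits else "none")
```

Hashing in chunks matters for real samples (the dropper here is 1.2MB, but unpacked payloads and memory dumps can be far larger), and requiring all four digests to agree means a rename or a single forged hash in a shared IOC list cannot make an unrelated file look like the reported one.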

MITRE ATT&CK Matrix

Tasks