General
-
Target
5a55c46f031c51c19ff3bca04096684e_JaffaCakes118
-
Size
668KB
-
Sample
240519-tx7nvafe3z
-
MD5
5a55c46f031c51c19ff3bca04096684e
-
SHA1
9dbac20857e5f72942e2d3f2bd584a0ed6620919
-
SHA256
1ac7b754c603722fc1a4c38cf6f23bde50edb667efa0a8abfd4f9008fc40ebce
-
SHA512
50428e9d58539e810063af1d56dd157f7442181d089c677c55e29936b8d4b98524c1f7b8f55929ffe5b11e51571cdb0d5890b663a12665030de5042bdbc410a6
-
SSDEEP
12288:FKEimK3hyzVkEtXQJ81Z7O5OWlf6+abnmgUiGvOC2bR+7j+NYe1uQkDZ:0EimohUlAmxaOWlWIOCzS+HRD
Static task
static1
Behavioral task
behavioral1
Sample
5a55c46f031c51c19ff3bca04096684e_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.mail.com
Port: 587
Username: [email protected]
Password: malaysia25
Targets
-
Target
5a55c46f031c51c19ff3bca04096684e_JaffaCakes118
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-