General
-
Target
65aabdf3652772fae9a09fe342f7d5b7_JaffaCakes118
-
Size
1.1MB
-
Sample
240522-csjb1shd5z
-
MD5
65aabdf3652772fae9a09fe342f7d5b7
-
SHA1
6467d98301450db586991ca8b4a65119c163df12
-
SHA256
f621a1b20e621f90f289b2652beb0117b965393665932a1a33b73541350ab708
-
SHA512
3d798988fefbd8a60b1a89635d682c0b76c8b8e938aafd88e6be981f15fdb9ad166185da07474d37476526b5b58dc1de43fef0968c67db524c5857c1ca6035a0
-
SSDEEP
24576:gyWHJopc3AfngOtY/M3LpvMyeiR9OCOjXKp7pGt4HqSxvA92nHM11TLi:gy4opOAnIkbpvMmOj+pGWK0AUGTLi
Static task
static1
Behavioral task
behavioral1
Sample
Specification and shematic Diagram.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Specification and shematic Diagram.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
Specification and shematic Diagram.exe
-
Size
1.4MB
-
MD5
6d8d586a1feda0d474f0d3c6efbdd706
-
SHA1
a66fc9adce64f992d7a0093d8e8c78b647ac2220
-
SHA256
d69d517b51057301a5b0e44b6ecd8dceb2c6e9f6ba9db39a002d9078169d69d5
-
SHA512
8de88c81690c38e3af5fdbecc53dc9aa042ad38f7bf60c2d7c3906e98210bf5c1a954aca861175e78fe12db4909fc16cc9f54cb33b6923c9b57975b6bf5d8829
-
SSDEEP
24576:eUfUDtdfFQ0QPEhyxv4+gR9P+S2f8dQWdY7Dx1EAhd:eaUujPKy5q9+SvQWO7wA
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext