General

  • Target

    77c0d92275f3c731ad9a65b18624cba6_JaffaCakes118

  • Size

    1012KB

  • Sample

    240527-dxjn1sfd95

  • MD5

    77c0d92275f3c731ad9a65b18624cba6

  • SHA1

    9739479e0254b3db03cddbf45ee300bca81c9d68

  • SHA256

    bc8916502006c13655027769ce62225fbf4e9e4380ac4c2aaf7892d45e058d4a

  • SHA512

    49b851bd909e28e7b34fc002d09e6f574cb401443b3a2342d5cb7cbbf1dfcccf22715f250a98df893b9d14a51e7d6f45255b6e107ae0c5358443c7bb52f8692c

  • SSDEEP

    24576:NlozTZfU0l3vcCbatx3vi9uPnl2NSBSynBG1S:NlGzaT/iI4SBSynB

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      Documents98376532453.exe

    • Size

      951KB

    • MD5

      0bf39869b08ade7c8ed45ff5a26f70c4

    • SHA1

      09ba2e264420ccd1cb0aae13501a7329c3493f54

    • SHA256

      a9b7dbcbe943925db368bcc5c700d3f77dde99190780b94dc9f1439fe17a4bba

    • SHA512

      4e17bfb64903b993f5aaa83ae844611566394a71596133d187ed2d38802b0c2d18781bbd6610f6628265ccc89fb1f4f69bae2a321048c38b104c1bab30259658

    • SSDEEP

      24576:/lozTZfU0l3vcCbatx3vi9uPnl2NSBSynBG1ST:/lGzaT/iI4SBSynBV

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Drops startup file

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks