General
-
Target
7eb3242f494033c65654da082a99f276_JaffaCakes118
-
Size
1.7MB
-
Sample
240528-23lmkahc32
-
MD5
7eb3242f494033c65654da082a99f276
-
SHA1
1a1b5cb7ffdd1e4e7d4b5f8e1acfd67e81c6f55d
-
SHA256
90532734349599a2c6af93b1683645bfb0ee3a875e38d848b6429635a9a404d9
-
SHA512
0de1f2db1c822df5e9ddcbc6cffd64c6c7332a8ed70167a878eb8ef9624d27c19542f543e51a7b68308b69af4f025dc65c32341c151990059916f67c0b0f971c
-
SSDEEP
24576:YAHnh+eWsN3skA4RV1Hom2KXMmHaSKBM1xj9qLUIkXs6BMvZhMf8hSoIqN5:fh+ZkldoPK8YaSJ9GUIkc6evSmS4
Static task
static1
Behavioral task
behavioral1
Sample
7eb3242f494033c65654da082a99f276_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7eb3242f494033c65654da082a99f276_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Drops startup file
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-