General

  • Target

    8152cac14bc11bd6c1b8a96815210daf_JaffaCakes118

  • Size

    608KB

  • Sample

    240529-v53kjaca81

  • MD5

    8152cac14bc11bd6c1b8a96815210daf

  • SHA1

    d724292b5cf0cfc479f06f8fa61bfd78cab782b2

  • SHA256

    8776a4ee8b6b13af9c666e4f6e55c7d970cb72d2f507f4fa6781fe7b94d390a3

  • SHA512

    9531a28c23a1b94c178f9cc226c6d5530efcc8b17708fd27395f4388a36de5abcc822c065df2b06a7fecc9c7628c6bfa8d15fb507904da96f4c888a5546c7d90

  • SSDEEP

    12288:pfU49eLWDQqXTqQJl6odMYQ1Y6kOxn5ItLHyApwzutsXC8WozrZCfojqHO7FgxNM:pfPkLWQqXDoA6kOx3y8WwZCfojcOmxD

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575aceACE$

Targets

    • Target

      8152cac14bc11bd6c1b8a96815210daf_JaffaCakes118

    • Size

      608KB

    • MD5

      8152cac14bc11bd6c1b8a96815210daf

    • SHA1

      d724292b5cf0cfc479f06f8fa61bfd78cab782b2

    • SHA256

      8776a4ee8b6b13af9c666e4f6e55c7d970cb72d2f507f4fa6781fe7b94d390a3

    • SHA512

      9531a28c23a1b94c178f9cc226c6d5530efcc8b17708fd27395f4388a36de5abcc822c065df2b06a7fecc9c7628c6bfa8d15fb507904da96f4c888a5546c7d90

    • SSDEEP

      12288:pfU49eLWDQqXTqQJl6odMYQ1Y6kOxn5ItLHyApwzutsXC8WozrZCfojqHO7FgxNM:pfPkLWQqXDoA6kOx3y8WwZCfojcOmxD

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks