General
-
Target
85e41a65ff21c6d4d41df8e23bffa808_JaffaCakes118
-
Size
780KB
-
Sample
240531-eced8sfb62
-
MD5
85e41a65ff21c6d4d41df8e23bffa808
-
SHA1
b22a88e0a71d7d6d248f403fb8ba989af1911fa2
-
SHA256
376b073f2248a13be1b834e616d9625cddf689b36258bf42143efded46ea67f6
-
SHA512
95c4b121b8146f7d970c848cc46880295c8b19fb5eb60158439cf52aeac0b9cb744052ffaac8df3d26272093ea2e3e39d357069f7ddb31e514fe25cf322e4652
-
SSDEEP
12288:ICG20qQOGFoJDQ+GqAFuFUld+gpH1OHMhrhBKu3fN:ICuqtioJDQ9qQuGX+gpH1OcBn
Static task
static1
Behavioral task
behavioral1
Sample
85e41a65ff21c6d4d41df8e23bffa808_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
85e41a65ff21c6d4d41df8e23bffa808_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Extracted
Protocol: smtp- Host:
mail.porr.com.mk - Port:
587 - Username:
[email protected] - Password:
Sas@@1234
Targets
-
-
Target
85e41a65ff21c6d4d41df8e23bffa808_JaffaCakes118
-
Size
780KB
-
MD5
85e41a65ff21c6d4d41df8e23bffa808
-
SHA1
b22a88e0a71d7d6d248f403fb8ba989af1911fa2
-
SHA256
376b073f2248a13be1b834e616d9625cddf689b36258bf42143efded46ea67f6
-
SHA512
95c4b121b8146f7d970c848cc46880295c8b19fb5eb60158439cf52aeac0b9cb744052ffaac8df3d26272093ea2e3e39d357069f7ddb31e514fe25cf322e4652
-
SSDEEP
12288:ICG20qQOGFoJDQ+GqAFuFUld+gpH1OHMhrhBKu3fN:ICuqtioJDQ9qQuGX+gpH1OcBn
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-