General

  • Target: 85e41a65ff21c6d4d41df8e23bffa808_JaffaCakes118
  • Size: 780KB
  • Sample: 240531-eced8sfb62
  • MD5: 85e41a65ff21c6d4d41df8e23bffa808
  • SHA1: b22a88e0a71d7d6d248f403fb8ba989af1911fa2
  • SHA256: 376b073f2248a13be1b834e616d9625cddf689b36258bf42143efded46ea67f6
  • SHA512: 95c4b121b8146f7d970c848cc46880295c8b19fb5eb60158439cf52aeac0b9cb744052ffaac8df3d26272093ea2e3e39d357069f7ddb31e514fe25cf322e4652
  • SSDEEP: 12288:ICG20qQOGFoJDQ+GqAFuFUld+gpH1OHMhrhBKu3fN:ICuqtioJDQ9qQuGX+gpH1OcBn

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Extracted

Credentials

  • Protocol: smtp
  • Host: mail.porr.com.mk
  • Port: 587
  • Username: [email protected]
  • Password: Sas@@1234

Targets

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Nirsoft

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks