General
Target: 87be39d73c04eaaa810c467979464abf_JaffaCakes118
Size: 506KB
Sample: 240531-vqqx7aff88
MD5: 87be39d73c04eaaa810c467979464abf
SHA1: 2625f55d8f70d14721ea1c17095c3c081fdc40ec
SHA256: 51fef8e428e33333c31c9026232baa98efdc3a586c55c808859065a964b56c5d
SHA512: 95222db9abb81227ca3a9cab7425261eaf102b0e3703a761aca6907a5598ce16414febadab53d91c72d4c3d1f0a9de183843bca34424ed1cee5fceb37d34013c
SSDEEP: 12288:I6M4YqgiE4gXUKNCN11Jxictnmpg5ROlerTE7wBUwO5ds80:bci2U3pxicqMrTE7wuP70
Static task: static1
Behavioral task: behavioral1
Sample: PAYMENT-PDF.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: PAYMENT-PDF.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
Target: PAYMENT-PDF.exe
Size: 518KB
MD5: d8b7335d7669b24ddb9b239953f0d7a7
SHA1: f119bea19f892adc161a0ebb15ffbcc8150cc3c5
SHA256: 39a4ec5ad4a36ea2d1be630d203942fc63badf94dcdb1384fb8a9e88431c92d9
SHA512: 96c2ef1da4c5c1f55c17cadd46959a0ec8c0d9ddc947ac2c5c85fb9a3910d76436079ce2ed739c4f27f5d54cd8d1776670aeea305061fc43a046c92ebfbe515e
SSDEEP: 12288:mEtjkdhUeFE6ySHS+aoISuYZ0kaJWIkkQNvnr5de:mDZE6hSDoISnqkAvQNvnr5g
- HawkEye Reborn
  HawkEye Reborn is an enhanced version of the HawkEye malware kit.
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext