General
- Target: 94d842858cae2530e7f3b91f6eb368dc_JaffaCakes118
- Size: 2.1MB
- Sample: 240604-ppdzcaga5s
- MD5: 94d842858cae2530e7f3b91f6eb368dc
- SHA1: 95624366b632b4e403ab705b95b4bd96abe684b4
- SHA256: 7efffc190ffed0203e3628c22d62f2450b0af7a7d5d03f15e1b62274a5acc171
- SHA512: 75d821aac30c93949792109793b3a8a72f408bc5565acfd8dcdac05fa136574785268e109641e885078766d7bb5ef5f15f701596dd7f88257b09fac01ef1edce
- SSDEEP: 12288:210NYGq5iGarLcGAugfUzdwmnX4xBDGSD2vMnw6+uJFhMKDEv+iSV:2c5cibyugGwu4xZGsnw6/JFhhQ8
Static task: static1
Behavioral task: behavioral1
- Sample: 94d842858cae2530e7f3b91f6eb368dc_JaffaCakes118.exe
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 94d842858cae2530e7f3b91f6eb368dc_JaffaCakes118.exe
- Resource: win10v2004-20240426-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Extracted
- Protocol: smtp
- Host: smtp.zoho.com
- Port: 587
- Username: [email protected]
- Password: angelboy12
Targets
- Target: 94d842858cae2530e7f3b91f6eb368dc_JaffaCakes118
- HawkEye Reborn: HawkEye Reborn is an enhanced version of the HawkEye malware kit.
- M00nd3v_Logger: M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Suspicious use of SetThreadContext