General
-
Target
9b85dba21787f176733a9bf5f7f0ba75_JaffaCakes118
-
Size
632KB
-
Sample
240610-wf6rbsvfqq
-
MD5
9b85dba21787f176733a9bf5f7f0ba75
-
SHA1
5f43da5607aec4c356f535699a4281aa6804858c
-
SHA256
96b00cba77c307a51ecc207c3bafb7af3da5c8f51154b5056ff98a6844ac4f96
-
SHA512
2709706fde37da5b76241119b6e8ead87224d68840fe60b5f2daf0419b1e69b1909783a5e1bbc715bc99a7daa4a7554ce73fdb79cd7b1b931ed0ffde22ab7a24
-
SSDEEP
12288:L47eV+T29RXQN4xrBOQdAWhKbimInshAVs12eLyykYq5Z1B+L3wQzqNK6:yekT2PQQSWYimBaVsFW8qJ3sOK6
Static task
static1
Behavioral task
behavioral1
Sample
9b85dba21787f176733a9bf5f7f0ba75_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
9b85dba21787f176733a9bf5f7f0ba75_JaffaCakes118
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-