General
-
Target
ad504b9546552a0460fd43dea75518e8_JaffaCakes118
-
Size
932KB
-
Sample
240615-h67veswblj
-
MD5
ad504b9546552a0460fd43dea75518e8
-
SHA1
be7121427e81f53d2974ee3fea9d0f9da23216cd
-
SHA256
b41feedce0425906798df2ad314223032c5a92f19502da1cebdbd799f8233eec
-
SHA512
217192b11c5b6486f9440c3966bf98c316c35f3a35475d29f03cb7ed74791926c499ccc0cc5b644bf5270d640b9c867c825a634cfdfd1b82a376e0cb50f8337e
-
SSDEEP
24576:iPycmd+ZU/MK3MJVzkmq2tuDHa0IgSVnoqLod:Yjmd+ZUUnPzkmq+uDHa0IgSVno
Static task
static1
Behavioral task
behavioral1
Sample
ad504b9546552a0460fd43dea75518e8_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
ad504b9546552a0460fd43dea75518e8_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
-
Target
ad504b9546552a0460fd43dea75518e8_JaffaCakes118
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-