General

  • Target

    b99cee8603eb58c97143d9575136f761_JaffaCakes118

  • Size

    715KB

  • Sample

    240617-x3pa8svenk

  • MD5

    b99cee8603eb58c97143d9575136f761

  • SHA1

    b8493cee69910b95b3f96f74bbc7a4f8d58bb641

  • SHA256

    9452d4be264c5593bef4704be62d993a14eeb2114287815afbc6d580742ec27e

  • SHA512

    a675810935be4c20da12e6fbbd34c1a25bb2bdc977710a4d322f4514422e776c0c41b234f28a7cca81586dd9e3d1405e84170bde5a3efd31925b40c2a4a7c76a

  • SSDEEP

    12288:tiEkrrgWLqwj5+SSBcvCJ69d9K511Ed+ovcQOjuQ6xN9kw0Uf:tiDrrZOwjM7C3+ovcQOKQqNyw0U

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      b99cee8603eb58c97143d9575136f761_JaffaCakes118

    • HawkEye Reborn

      HawkEye Reborn is the rewritten, enhanced version of HawkEye, a commodity keylogger and credential stealer sold as a kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • Sets file execution options in registry

      Writes under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, which Windows consults whenever the named executable is launched; a Debugger value there makes Windows start the listed program instead, a technique used both to hijack other programs and to neutralise security tools.

    • Checks computer location settings

      Reads the country code configured in the registry (normally HKCU\Control Panel\International\Geo\Nation), most likely as a geofence so the sample can refuse to run in particular countries.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk, typically a second-stage payload.

    • Adds Run key to start application

      Writes an entry under Software\Microsoft\Windows\CurrentVersion\Run so the program is started at every logon; under HKCU this persistence needs no administrator rights.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process after writing code into it is the hallmark of process hollowing (RunPE): a legitimate process is created suspended, its image is replaced with the payload, the thread context is pointed at the new entry point and the process is resumed.
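
The three registry signatures above (Run-key persistence, the Image File Execution Options write and the country-code lookup) can be reproduced from a registry event trace. The following is an added example written for this page, not the sandbox's detection code and not code from the sample: it assumes a simple tab-separated trace format, and the sample events, the Run value name, the IFEO target (taskmgr.exe) and the dropped-file path are constructed; the report does not state which values this sample actually touched. The Geo\Nation location is the standard place Windows stores the configured country code.

```python
"""Triage of registry behaviour from a sandbox-style registry event trace.

Added example, not part of the sandbox report: it flags the three registry
signatures listed above (Run-key persistence, Image File Execution Options
writes and a country-code lookup). The event format, value names and sample
lines are constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    op: str     # "read" or "write"
    key: str    # full key path, backslash separated, hive abbreviated
    value: str  # value name ("" for the default value)
    data: str   # data written; empty for reads


# Well-known locations: autorun entries, IFEO (Debugger hijack / GlobalFlag)
# and the per-user country code under Control Panel\International\Geo.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
IFEO_RE = re.compile(r"\\Image File Execution Options\\([^\\]+)$", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
USER_WRITABLE_RE = re.compile(r"^C:\\(Users\\[^\\]+|ProgramData|Windows\\Temp)\\", re.I)

# Constructed trace, one event per line: op<TAB>key<TAB>value<TAB>data
SAMPLE_TRACE = """\
read\tHKCU\\Control Panel\\International\\Geo\tNation\t
write\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\tWindows Update\tC:\\Users\\victim\\AppData\\Roaming\\svchost.exe
write\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\taskmgr.exe\tDebugger\tC:\\Users\\victim\\AppData\\Roaming\\svchost.exe
write\tHKCU\\Software\\Classes\\Local Settings\\MuiCache\t1\tC:\\Users\\victim\\Desktop\\sample.exe
read\tHKLM\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Language\tInstallLanguage\t
"""


def parse_trace(text: str) -> list[RegEvent]:
    """Parse the tab-separated trace; malformed lines are skipped, not guessed."""
    events = []
    for line in text.splitlines():
        parts = line.split("\t", 3)
        if len(parts) != 4:
            continue
        op, key, value, data = parts
        events.append(RegEvent(op.strip().lower(), key, value, data))
    return events


def find_signatures(events: list[RegEvent]) -> list[tuple[str, str]]:
    """Return (signature name, detail) pairs in the order the events occur."""
    hits = []
    for ev in events:
        if ev.op == "write" and RUN_KEY_RE.search(ev.key):
            where = "user-writable path" if USER_WRITABLE_RE.search(ev.data) else "system path"
            hits.append(("Adds Run key to start application",
                         f"{ev.value!r} -> {ev.data} ({where})"))
        ifeo = IFEO_RE.search(ev.key)
        if ev.op == "write" and ifeo and ev.value.lower() in ("debugger", "globalflag"):
            hits.append(("Sets file execution options in registry",
                         f"{ifeo.group(1)}: {ev.value}={ev.data}"))
        # Only a read of the configured country code is a geofence indicator;
        # a write to it would be something else entirely.
        if ev.op == "read" and GEO_KEY_RE.search(ev.key) and ev.value.lower() == "nation":
            hits.append(("Checks computer location settings",
                         "reads Geo\\Nation country code (likely geofence)"))
    return hits


if __name__ == "__main__":
    for name, detail in find_signatures(parse_trace(SAMPLE_TRACE)):
        print(f"[{name}] {detail}")
```

Run stand-alone it prints one line per matched signature; the MuiCache write and the install-language read in the constructed trace are deliberately left unmatched, since neither is persistence nor a country-code lookup. The Run-key hit also records whether the autostart target lives in a user-writable directory, which is the usual sign of a dropped payload rather than an installed product.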
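
The process-level signatures above (Executes dropped EXE, Suspicious use of SetThreadContext, Looks up external IP address via web service) can likewise be reconstructed from an API-call trace. The following is an added example written for this page, not the sandbox's code and not code from the sample: it assumes a tab-separated trace in which process and thread handles are written as the target pid and CreateProcess reports the new pid, so the toy parser can link calls to the child without a handle table. The pids, paths, the dropped file, the child process and the IP-echo host list are all constructed; the report does not name the process this sample hollowed or the web service it queried.

```python
"""Behavioural triage over a sandbox-style API-call trace.

Added example, not code from the sandbox or from the sample: it reconstructs
three of the signatures in the report from API calls: "Executes dropped EXE",
"Suspicious use of SetThreadContext" (the CREATE_SUSPENDED -> WriteProcessMemory
-> SetThreadContext -> ResumeThread sequence of process hollowing / RunPE) and
"Looks up external IP address via web service". The trace format, pids, paths
and the IP-echo host list are constructed for illustration.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit
GENERIC_WRITE = 0x40000000     # dwDesiredAccess bit

# Illustrative subset of public "what is my IP" echo services.
IP_ECHO_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                 "ipinfo.io", "ip-api.com", "whatismyipaddress.com"}


@dataclass(frozen=True)
class ApiCall:
    pid: int
    api: str
    args: dict


@dataclass
class Child:
    image: str
    suspended: bool
    written: bool = False  # WriteProcessMemory seen against this process
    flagged: bool = False  # report hollowing once per child


# Constructed trace: pid<TAB>api<TAB>name=value[<TAB>name=value ...]
# Handles are written as the target pid so the toy parser can link calls to
# the child; a real trace would need a handle table. pid=... on CreateProcess
# stands in for the pid returned in lpProcessInformation.
SAMPLE_TRACE = """\
1000\tCreateFileW\tlpFileName=C:\\Users\\victim\\AppData\\Roaming\\svchost.exe\tdwDesiredAccess=0x40000000
1000\tCreateProcessW\tlpApplicationName=C:\\Users\\victim\\AppData\\Roaming\\svchost.exe\tdwCreationFlags=0x00000004\tpid=2000
1000\tNtUnmapViewOfSection\tProcessHandle=2000
1000\tVirtualAllocEx\thProcess=2000\tflProtect=0x40
1000\tWriteProcessMemory\thProcess=2000\tnSize=0x2a000
1000\tSetThreadContext\thThread=2000
1000\tResumeThread\thThread=2000
2000\tInternetOpenUrlW\tlpszUrl=http://checkip.dyndns.org/
3000\tCreateProcessW\tlpApplicationName=C:\\Windows\\System32\\notepad.exe\tdwCreationFlags=0x00000000\tpid=4000
3000\tSetThreadContext\thThread=4000
"""


def parse_trace(text: str) -> list[ApiCall]:
    """Parse tab-separated calls; lines without a numeric pid and an API name are skipped."""
    calls = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 2 or not parts[0].isdigit():
            continue
        args = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        calls.append(ApiCall(int(parts[0]), parts[1], args))
    return calls


def analyze(calls: list[ApiCall]) -> list[tuple[str, str]]:
    """Return (signature name, detail) pairs in the order the behaviour appears."""
    hits = []
    dropped: set[str] = set()        # paths opened for writing by the sample
    children: dict[str, Child] = {}  # child pid -> creation state
    for c in calls:
        a = c.args
        if (c.api in ("CreateFileW", "CreateFileA")
                and int(a.get("dwDesiredAccess", "0"), 16) & GENERIC_WRITE):
            dropped.add(a.get("lpFileName", "").lower())
        elif c.api.startswith("CreateProcess"):
            image = a.get("lpApplicationName", "")
            flags = int(a.get("dwCreationFlags", "0"), 16)
            children[a.get("pid", "")] = Child(image, bool(flags & CREATE_SUSPENDED))
            if image.lower() in dropped:
                hits.append(("Executes dropped EXE", f"pid {c.pid} ran {image}"))
        elif c.api == "WriteProcessMemory":
            child = children.get(a.get("hProcess", ""))
            if child:
                child.written = True
        elif c.api in ("SetThreadContext", "NtSetContextThread"):
            # NtUnmapViewOfSection is not required: some loaders overwrite in place,
            # so the decisive pattern is suspended creation + remote write + context change.
            child = children.get(a.get("hThread", ""))
            if child and child.suspended and child.written and not child.flagged:
                child.flagged = True
                hits.append(("Suspicious use of SetThreadContext",
                             f"pid {c.pid} hollowed pid {a['hThread']} ({child.image})"))
        elif "lpszUrl" in a:
            host = (urlparse(a["lpszUrl"]).hostname or "").lower()
            if host in IP_ECHO_HOSTS:
                hits.append(("Looks up external IP address via web service",
                             f"pid {c.pid} -> {host}"))
    return hits


if __name__ == "__main__":
    for name, detail in analyze(parse_trace(SAMPLE_TRACE)):
        print(f"[{name}] {detail}")
```

The second process in the constructed trace (pid 3000 calling SetThreadContext on pid 4000) is a decoy: no suspended creation and no remote write precede it, which is how a debugger or a crash handler uses the API, so it is not flagged. Requiring the whole sequence rather than the single API call is what keeps this signature from firing on every debugger on the host.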

MITRE ATT&CK Enterprise v15

Tasks