General
-
Target
b99cee8603eb58c97143d9575136f761_JaffaCakes118
-
Size
715KB
-
Sample
240617-x3pa8svenk
-
MD5
b99cee8603eb58c97143d9575136f761
-
SHA1
b8493cee69910b95b3f96f74bbc7a4f8d58bb641
-
SHA256
9452d4be264c5593bef4704be62d993a14eeb2114287815afbc6d580742ec27e
-
SHA512
a675810935be4c20da12e6fbbd34c1a25bb2bdc977710a4d322f4514422e776c0c41b234f28a7cca81586dd9e3d1405e84170bde5a3efd31925b40c2a4a7c76a
-
SSDEEP
12288:tiEkrrgWLqwj5+SSBcvCJ69d9K511Ed+ovcQOjuQ6xN9kw0Uf:tiDrrZOwjM7C3+ovcQOKQqNyw0U
Static task
static1
Behavioral task
behavioral1
Sample
b99cee8603eb58c97143d9575136f761_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
b99cee8603eb58c97143d9575136f761_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Targets
-
-
Target
b99cee8603eb58c97143d9575136f761_JaffaCakes118
-
Size
715KB
-
MD5
b99cee8603eb58c97143d9575136f761
-
SHA1
b8493cee69910b95b3f96f74bbc7a4f8d58bb641
-
SHA256
9452d4be264c5593bef4704be62d993a14eeb2114287815afbc6d580742ec27e
-
SHA512
a675810935be4c20da12e6fbbd34c1a25bb2bdc977710a4d322f4514422e776c0c41b234f28a7cca81586dd9e3d1405e84170bde5a3efd31925b40c2a4a7c76a
-
SSDEEP
12288:tiEkrrgWLqwj5+SSBcvCJ69d9K511Ed+ovcQOjuQ6xN9kw0Uf:tiDrrZOwjM7C3+ovcQOKQqNyw0U
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-