Extracted

• • Target

    202f882a46b4f95ef5b3c161fdb00f06_JaffaCakes118

  • Size

    884KB

  • MD5

    202f882a46b4f95ef5b3c161fdb00f06

  • SHA1

    162181178d2f5a3d453e70bf1a369eedd89f103c

  • SHA256

    62e5f86d7df3d239abf531c4f14b5f6e486c34a866e80603b43aa925f8910f75

  • SHA512

    efbd3a74b355a9c7b02a169fd950686a1dafa3e8db5122b6787a65118fe77452d3b3aadc1634ab7a71eb0aa444187694f6000365ab02cbb893c25c330584e80a

  • SSDEEP

    12288:pYV6MorX7qzuC3QHO9FQVHPF51jgcgM751HzqhodTWjaX2IOXF3pWzEXVzJhCWQH:eBXu9HGaVHbHHWaXxQ1pWgZJAnRzl

  Score

  10^/10

  hawkeyecollectionkeyloggerspywarestealertrojanupx

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Drops startup file

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2