Extracted

• • Target

    3993696c0cc918c566ad9c89b5be2593_JaffaCakes118

  • Size

    262KB

  • MD5

    3993696c0cc918c566ad9c89b5be2593

  • SHA1

    c119e09a1ab2a2d5aeccc588d0406a4ee5f16f7a

  • SHA256

    7c4bf29e8ed9f775fb2420ca56883196935cd0b6f4ccee62058818034caf8c96

  • SHA512

    9b0d289c69c9d4e93779d1b82e9442f851e1ca2f2fd73e25192c6944cf5f52321509fe9f07553808a59bef5a2c851c384057d3b206045090ffef6b632d129ca5

  • SSDEEP

    6144:tJXQh6uTjQ4rVmh3k4cSbgzsdrVRRetrEpsKHAK3g3UHYTvLRUQSOObAIASgrtH0:fOJcsgHoRIDCzc

  Score

  10^/10

  hawkeyekeyloggerpersistencespywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • Adds policy Run key to start application

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2