General

  • Target

    39701f5c18d18cd690f7ded4f1ea958e_JaffaCakes118

  • Size

    92KB

  • Sample

    240711-rd2mdasakd

  • MD5

    39701f5c18d18cd690f7ded4f1ea958e

  • SHA1

    982abd7a3c93c48536917a958fc97252f5e225e1

  • SHA256

    afcaaf746e58ff7c2976963accf7b032cb21a028a6857b5a7f542dbb335b2b2c

  • SHA512

    cb804688ca6496a0f4a06f56a561134aaf1f9631b2e4e8de4ffa5a7ca183c7d8a221a8d3a3ea33efe7a6505bfab5dea115f9ac24b33333f4523bad68433314ff

  • SSDEEP

    1536:sEUQjlDAMOcnNFCEcK3gGrvOAoY7ld0ckN3wTr3iAkHyy+dOrrrrrr:sVulMMlXE+g41jkNyTr

Malware Config

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks