General
-
Target
53dd759d56240beba49d6318b4e53197_JaffaCakes118
-
Size
340KB
-
Sample
240717-t7y5fssfrb
-
MD5
53dd759d56240beba49d6318b4e53197
-
SHA1
25f4afea4e8babc6d7774fcf08b48f3917f05ae8
-
SHA256
7904257af820db24fcf0cba9fe6cd156eecd2a99c4b837f5807660d2c13b5fb0
-
SHA512
61c4e0b2348317efa48905e6918040775269022d052af5f805a45670710fa1259606011e08b434ffe4ebdea58dc95b6a053f2af9d0539f4e119cd5bbca5924d2
-
SSDEEP
6144:AyGXQhW1B4rVph3k4cSbgzs/rEpyrVRRelKHAK3g3UHYTvLRUQSOObAIAjgItE6a:PzGnvpDOB+jggTBtAyhKuD
Malware Config
Targets
-
-
Target
53dd759d56240beba49d6318b4e53197_JaffaCakes118
-
Size
340KB
-
MD5
53dd759d56240beba49d6318b4e53197
-
SHA1
25f4afea4e8babc6d7774fcf08b48f3917f05ae8
-
SHA256
7904257af820db24fcf0cba9fe6cd156eecd2a99c4b837f5807660d2c13b5fb0
-
SHA512
61c4e0b2348317efa48905e6918040775269022d052af5f805a45670710fa1259606011e08b434ffe4ebdea58dc95b6a053f2af9d0539f4e119cd5bbca5924d2
-
SSDEEP
6144:AyGXQhW1B4rVph3k4cSbgzs/rEpyrVRRelKHAK3g3UHYTvLRUQSOObAIAjgItE6a:PzGnvpDOB+jggTBtAyhKuD
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1