General

  • Target

    53dd759d56240beba49d6318b4e53197_JaffaCakes118

  • Size

    340KB

  • Sample

    240717-t7y5fssfrb

  • MD5

    53dd759d56240beba49d6318b4e53197

  • SHA1

    25f4afea4e8babc6d7774fcf08b48f3917f05ae8

  • SHA256

    7904257af820db24fcf0cba9fe6cd156eecd2a99c4b837f5807660d2c13b5fb0

  • SHA512

    61c4e0b2348317efa48905e6918040775269022d052af5f805a45670710fa1259606011e08b434ffe4ebdea58dc95b6a053f2af9d0539f4e119cd5bbca5924d2

  • SSDEEP

    6144:AyGXQhW1B4rVph3k4cSbgzs/rEpyrVRRelKHAK3g3UHYTvLRUQSOObAIAjgItE6a:PzGnvpDOB+jggTBtAyhKuD
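
The hashes above are the only identity the report gives for the sample. The following script, an added example that is not part of the sandbox report, verifies whether a file on disk is this sample by streaming it through all four published digests and comparing each one. Checking every algorithm rather than just MD5 catches a transcription error in any single hash and is not undermined by known MD5 or SHA-1 collision techniques. The SSDEEP value is not checked here because fuzzy hashing needs the third-party `ssdeep` bindings; the file path is taken from the command line.

```python
"""Verify a local file against the sample hashes published in this report.

Added example, not part of the sandbox report. The digest values below are
copied from the report above; the file to check is given on the command line.
"""
import hashlib
import sys

# Hashes exactly as published in the report above.
REPORT_HASHES = {
    "md5": "53dd759d56240beba49d6318b4e53197",
    "sha1": "25f4afea4e8babc6d7774fcf08b48f3917f05ae8",
    "sha256": "7904257af820db24fcf0cba9fe6cd156eecd2a99c4b837f5807660d2c13b5fb0",
    "sha512": "61c4e0b2348317efa48905e6918040775269022d052af5f805a45670710fa125"
              "9606011e08b434ffe4ebdea58dc95b6a053f2af9d0539f4e119cd5bbca5924d2",
}


def digest_bytes(data: bytes) -> dict:
    """Return the md5/sha1/sha256/sha512 hex digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file through all four hashes in one pass, without reading it whole."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(digests: dict, expected: dict = REPORT_HASHES) -> dict:
    """Map each algorithm name to True if the computed digest equals the published one.

    A missing algorithm counts as a mismatch; comparison is case-insensitive
    because published hashes are sometimes copied in upper case.
    """
    return {
        name: digests.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def verdict(results: dict) -> str:
    """Summarize a compare() result. Any disagreement means a different file."""
    if all(results.values()):
        return "MATCH: file is the sample described in this report"
    if any(results.values()):
        matched = ", ".join(name for name, ok in results.items() if ok)
        return f"PARTIAL: only {matched} matched; check for a transcription error"
    return "NO MATCH: file is not this sample"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <file>")
    computed = digest_file(sys.argv[1])
    for name, value in computed.items():
        print(f"{name:6s} {value}")
    print(verdict(compare(computed)))
```

Run it as `python check_sample.py suspect.bin`; a PARTIAL result almost always means one hash was copied wrongly into the report or the ticket, not a collision, and is worth resolving before the file is treated as identified.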

Targets

    • Target

      53dd759d56240beba49d6318b4e53197_JaffaCakes118

    • HawkEye

      HawkEye is a commodity keylogger and credential-stealing malware kit that has seen continuous development since at least 2013.

    • Modifies firewall policy service

      Tampers with the Windows Firewall policy (the SharedAccess service), typically to disable the firewall or to allow the malware's own network traffic.

    • Adds policy Run key to start application

      Persists through the Policies\Explorer\Run key, which Windows processes at logon in the same way as the ordinary Run key but which is checked far less often by administrators and tooling.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the payload runs on this victim's locale.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Setting the thread context of another process is the hallmark of process hollowing (RunPE): a legitimate process is started suspended, its image is replaced with the payload, and the entry point is redirected before the thread resumes.
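
Several of the signatures above (the Run key, the policy Run key, the firewall policy change and the location lookup) are registry behaviours that a defender can reproduce as detection logic over endpoint telemetry. The script below is an added example, not the sandbox's own rules and not from the report: it classifies registry events in the shape of Sysmon value-set and query records against those four labels. The event lines are constructed for the example, and the key-path prefixes each label is matched on are my assumptions about what the sandbox labels refer to, in particular `Services\SharedAccess` for the firewall policy and `Control Panel\International\Geo` for the location check. It also normalizes two spellings that commonly defeat naive string matching: per-user hives logged as `HKU\<SID>\...` and 32-bit redirection under `Wow6432Node`.

```python
"""Classify registry events against the persistence/evasion labels in this report.

Added example; not the sandbox's rules and not from the report. Sample events
are constructed, and the key-path patterns are assumptions about each label.
"""
import re
from collections import defaultdict

# (label from the report, operation it applies to, key-path pattern on the
# normalized path). Patterns are assumptions, see the lead-in.
SIGNATURES = [
    ("Adds Run key to start application", "SetValue",
     r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"),
    ("Adds policy Run key to start application", "SetValue",
     r"\\Policies\\Explorer\\Run\\"),
    ("Modifies firewall policy service", "SetValue",
     r"\\Services\\SharedAccess\\"),
    ("Checks computer location settings", "QueryValue",
     r"\\Control Panel\\International\\Geo\\"),
]

# Constructed sample telemetry (not from the report): image that touched the
# registry, the operation, and the full key path as a Sysmon-style logger writes it.
MALWARE_IMAGE = r"C:\Users\victim\AppData\Roaming\svchost.exe"
SAMPLE_EVENTS = [
    {"image": MALWARE_IMAGE, "op": "SetValue",
     "path": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate"},
    {"image": MALWARE_IMAGE, "op": "SetValue",
     "path": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Update"},
    {"image": MALWARE_IMAGE, "op": "SetValue",
     "path": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall"},
    {"image": MALWARE_IMAGE, "op": "QueryValue",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    # Benign noise: explorer writing an unrelated key, and a mere read of the Run key.
    {"image": r"C:\Windows\explorer.exe", "op": "SetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
    {"image": r"C:\Windows\explorer.exe", "op": "QueryValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
]


def normalize(path: str) -> str:
    """Canonicalize a registry path so one pattern covers the spellings seen in logs."""
    p = (path.replace("HKEY_LOCAL_MACHINE", "HKLM")
             .replace("HKEY_CURRENT_USER", "HKCU")
             .replace("HKEY_USERS", "HKU"))
    # Sysmon logs per-user hives as HKU\<SID>\...; fold that into HKCU.
    p = re.sub(r"^HKU\\S-1-5-21(?:-\d+)+\\", r"HKCU\\", p, flags=re.IGNORECASE)
    # 32-bit processes on 64-bit Windows are redirected under Wow6432Node; drop it
    # so the Run-key pattern still matches.
    p = re.sub(r"\\Wow6432Node(?=\\)", "", p, flags=re.IGNORECASE)
    return p


def classify(event: dict) -> list:
    """Return every report label that this single event satisfies (usually 0 or 1)."""
    path = normalize(event["path"])
    return [
        name for name, op, pattern in SIGNATURES
        if event["op"] == op and re.search(pattern, path, re.IGNORECASE)
    ]


def triage(events: list) -> dict:
    """Aggregate labels per process image, mirroring the report's per-target list."""
    hits = defaultdict(set)
    for ev in events:
        for name in classify(ev):
            hits[ev["image"]].add(name)
    return dict(hits)


if __name__ == "__main__":
    for image, labels in triage(SAMPLE_EVENTS).items():
        print(image)
        for label in sorted(labels):
            print("  -", label)
```

The operation filter matters: every logon helper reads the Run key, so only a value write should raise the persistence label, while the location check is the reverse, a read of a key the sample has no business consulting. In production the same `SIGNATURES` table would be fed from Sysmon Event ID 13 (value set) and, for the read side, from the registry-access events of whichever EDR is in use.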
