General

  • Target

    5bbdc3c3a415be2a687e0917852a6741_JaffaCakes118

  • Size

    56KB

  • Sample

    240719-njm5dssanh

  • MD5

    5bbdc3c3a415be2a687e0917852a6741

  • SHA1

    b2ab9df71047cd06e59b5bbb75dd4457122ceb25

  • SHA256

    bd3844aca4658bc26c5e1f8cdbe680e1be2d5ad9cb632e26ac016f1db353ddbe

  • SHA512

    f8354584ddd0ae442a9313d5dd27a7e790a88479dd70faa31cab69be933bbb6995812048b0e434285a82671783eb2685268ab67e658c809a2db86de1e835c07f

  • SSDEEP

    1536:ChaVbgQk6DqbjQBrZV8mLuFsLxFpYFvTUE:CDQk6DojQBtVisL3pYFbUE

Malware Config

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Adds policy Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks