General
-
Target
6532c334d3963caf0d1b0c332c8a2305_JaffaCakes118
-
Size
352KB
-
Sample
240722-292mcstfjf
-
MD5
6532c334d3963caf0d1b0c332c8a2305
-
SHA1
6894c91ab82b6d063e0840e1a8511fba988404eb
-
SHA256
5b7c021a39977b87fe36dce338583c4e7a0e10fbeec7ca1ff502a9c295cb3eff
-
SHA512
06b8fa264b9068f69d63e8d97ea3a378f1aba9a3b43aa6affb3a6bb33eecb323ea804a29bfd97a91b44d69d513e215f0034e5126a4e7fcca63ad79159f5e4f62
-
SSDEEP
6144:ul1m1PSg27GOa9ErdrvOerMFnmZofmO5Y11vdMRXUIT6wCrjRBSUaLmjkHVVJ9PI:M12PS49ErdvOHFnmZX1UpCrjvnaLmjEg
Malware Config
Extracted
Protocol: smtp- Host:
smtp.mail.com - Port:
587 - Username:
[email protected] - Password:
tUDXLCv1
Targets
-
-
Target
6532c334d3963caf0d1b0c332c8a2305_JaffaCakes118
-
Size
352KB
-
MD5
6532c334d3963caf0d1b0c332c8a2305
-
SHA1
6894c91ab82b6d063e0840e1a8511fba988404eb
-
SHA256
5b7c021a39977b87fe36dce338583c4e7a0e10fbeec7ca1ff502a9c295cb3eff
-
SHA512
06b8fa264b9068f69d63e8d97ea3a378f1aba9a3b43aa6affb3a6bb33eecb323ea804a29bfd97a91b44d69d513e215f0034e5126a4e7fcca63ad79159f5e4f62
-
SSDEEP
6144:ul1m1PSg27GOa9ErdrvOerMFnmZofmO5Y11vdMRXUIT6wCrjRBSUaLmjkHVVJ9PI:M12PS49ErdvOHFnmZX1UpCrjvnaLmjEg
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-