General
-
Target
2a3bbfd92f649284aca8646553402bfb_JaffaCakes118
-
Size
909KB
-
Sample
240728-3akegavele
-
MD5
2a3bbfd92f649284aca8646553402bfb
-
SHA1
e455e3d5a2116a61d53704841aaf8518063a43b2
-
SHA256
b7792d11b162687b6d5bfa2c7962c71915d1a193e35be2cfb7af53481c7814f7
-
SHA512
16ac61287f501fe06a9e06ca21e516ed61ce4365e69061a2920d57052c7b9d5e7669fb43600217b3236cc1c2fd42f4747729cf0554649be048df89b77e1ee765
-
SSDEEP
24576:Cp0lb0xmhcRacbsswOSDAeKi7H3ph1rffvzDSPBA:CBxmhcaz5ODeKi7H3Zjvz2
Malware Config
Targets
-
-
Target
2a3bbfd92f649284aca8646553402bfb_JaffaCakes118
-
Size
909KB
-
MD5
2a3bbfd92f649284aca8646553402bfb
-
SHA1
e455e3d5a2116a61d53704841aaf8518063a43b2
-
SHA256
b7792d11b162687b6d5bfa2c7962c71915d1a193e35be2cfb7af53481c7814f7
-
SHA512
16ac61287f501fe06a9e06ca21e516ed61ce4365e69061a2920d57052c7b9d5e7669fb43600217b3236cc1c2fd42f4747729cf0554649be048df89b77e1ee765
-
SSDEEP
24576:Cp0lb0xmhcRacbsswOSDAeKi7H3ph1rffvzDSPBA:CBxmhcaz5ODeKi7H3Zjvz2
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-