Extracted

• • Target

    721fc9603ce2f698832856691759e8d1_JaffaCakes118

  • Size

    1.9MB

  • MD5

    721fc9603ce2f698832856691759e8d1

  • SHA1

    ab1fefaa0863fc787b4cf8cbe94be559d20586c3

  • SHA256

    726c91cce56e7f2984e3df904e902a892699f18061cc6934d14b7998d04e53d2

  • SHA512

    03cc0753ea33eb241dcff3bf11833f9a4972be59595f9bdbb77bc3afb05fbdb9b394c9b21a632140f8d4a8e4c38b884ba56750661ecc15e17cfdad00b43016f1

  • SSDEEP

    24576:bAHnh+eWsN3skA4RV1Hom2KXMmHavFmN0CldmeK15O9EE8HSpSyD5:2h+ZkldoPK8YabC

  Score

  10^/10

  hawkeyecollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Detected Nirsoft tools

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2