Resubmissions

13-08-2024 05:13

240813-fwxkla1cmp 10

13-08-2024 04:01

240813-elmf7syblp 10

General

  • Target

    91884f1ac121d9e5ded8bdef85da6052_JaffaCakes118

  • Size

    192KB

  • Sample

    240813-elmf7syblp

  • MD5

    91884f1ac121d9e5ded8bdef85da6052

  • SHA1

    e92c5ef867200ce2afe6d2ef3d2515375c25a8f7

  • SHA256

    86a825dc2b72314a5db4885e495db0ed61044e3ed8e00cbe7dc05c706b66be5b

  • SHA512

    62c19263d2dcd265610957176bb0794e071837b6b1c2e6922afd29c097fcfe210657627739b3e3e1c8409b0a8afb6b647e6d246eb276c10e0d1531293551311d

  • SSDEEP

    3072:gej6QTDgiEIDL5ntDnj/rlIudpB8gkgqXEoqGxT5AH:g8hvg8DL5ntb7hBkgXoZxT5K

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    78951asd

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

MITRE ATT&CK Enterprise v15

Tasks