Overview

overview

10

Static

static

3

b929cb7730...18.exe

windows7-x64

10

b929cb7730...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b929cb773000dcab9746e7754ea02281_JaffaCakes118

  • Size

    465KB

  • Sample

    240822-z2npes1amn

  • MD5

    b929cb773000dcab9746e7754ea02281

  • SHA1

    0463059cbc15e35f6455dccfbc60a843d3aaf640

  • SHA256

    2e7110f0447369df012fd909e3251ecdfb953bb31092cc1618610be1bf18b891

  • SHA512

    24237bb5ebf82dad33de576455422ff227d2e93f50555c34ee62cdf5bc78fc9ef0668db7bc2785832d5615325b808319f5559741a6f67e9996ed77df841dea2c

  • SSDEEP

    6144:s3rPltuwMva9SNynAyI/////////////////Q82MNxuelhy97biNWDB6Gm8TgOsK:Yn4vIcynAlZnBlo97eNWkGtgObm3oN

Score
10/10
hawkeyecredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    okedoke123

Targets

    • Target

      b929cb773000dcab9746e7754ea02281_JaffaCakes118

    • Size

      465KB

    • MD5

      b929cb773000dcab9746e7754ea02281

    • SHA1

      0463059cbc15e35f6455dccfbc60a843d3aaf640

    • SHA256

      2e7110f0447369df012fd909e3251ecdfb953bb31092cc1618610be1bf18b891

    • SHA512

      24237bb5ebf82dad33de576455422ff227d2e93f50555c34ee62cdf5bc78fc9ef0668db7bc2785832d5615325b808319f5559741a6f67e9996ed77df841dea2c

    • SSDEEP

      6144:s3rPltuwMva9SNynAyI/////////////////Q82MNxuelhy97biNWDB6Gm8TgOsK:Yn4vIcynAlZnBlo97eNWkGtgObm3oN

    Score
    10/10
    hawkeyediscoverykeyloggerpersistencespywarestealertrojancredential_access

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

      keyloggertrojanstealerspywarehawkeye

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks