Extracted

Extracted

• • Target

    c1f64bf96488b1ce402952faf2ed5863_JaffaCakes118

  • Size

    774KB

  • MD5

    c1f64bf96488b1ce402952faf2ed5863

  • SHA1

    62737620461ba1f7b37bfd47c7bbbd5a0a52a78f

  • SHA256

    f772318b94adb2aa67ef20c3cafe2ea2d4730321b6a03b1479f555faeec66f1b

  • SHA512

    50d567cd58238cb628dfc82ccef47b8235e66a825e63f7dc4bac89b9e97b969942bc836b6e7b10134e038e32b1ae37d706ccf10d80c49833e4c12d4dffad14d2

  • SSDEEP

    12288:3TaVzKj25fWvNOiqZLY+/GpNHAtX8x3wprVMnzqjkEyvcE64+twtJ871sIjC:3Tqzt5fSOiqZLxGjtqyWjLyvcnzPW

  Score

  10^/10

  hawkeye_rebornm00nd3v_loggercollectioncredential_accessdiscoveryinfostealerkeyloggerpersistencespywarestealertrojan

  • HawkEye Reborn

    HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    keyloggertrojanstealerspywarehawkeye_reborn

  • M00nd3v_Logger

    M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    stealerspywarem00nd3v_logger

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Detected Nirsoft tools

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • M00nD3v Logger payload

    Detects M00nD3v Logger payload in memory.

    infostealer

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2