Extracted

• • Target

    c9d9335c8c23c820847b468af32960ac_JaffaCakes118

  • Size

    1.8MB

  • MD5

    c9d9335c8c23c820847b468af32960ac

  • SHA1

    15fb08be6429f23fa4b013a4808b722ee61af7a7

  • SHA256

    0c6568f45eac871cc701c708f90d8355c95f97d292bd0b6b51a7a26903adc311

  • SHA512

    85ae30248d46bf65367dce16fa8847b735dfc7c74e437afbfc71c6c4e2919b3220e966c5fe3358e764bfc0a288a79841d1c3efd53ece0cd3ca69880edccc918e

  • SSDEEP

    24576:xnmfx6YuQHCUBj8Fe4XUtlD9TQMyO8M6lo3v+dmSXpPT+:xmJ/HnAM9TQMD6o2dmcT+

  Score

  10^/10

  hawkeye_rebornm00nd3v_loggercollectioncredential_accessdiscoveryinfostealerkeyloggerspywarestealertrojan

  • HawkEye Reborn

    HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    keyloggertrojanstealerspywarehawkeye_reborn

  • M00nd3v_Logger

    M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    stealerspywarem00nd3v_logger

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Detected Nirsoft tools

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • M00nD3v Logger payload

    Detects M00nD3v Logger payload in memory.

    infostealer

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Drops startup file

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2