General
-
Target
caaf6e830cfe28f4cc5b097ab52d853b_JaffaCakes118
-
Size
328KB
-
Sample
240830-scf5qa1cjn
-
MD5
caaf6e830cfe28f4cc5b097ab52d853b
-
SHA1
89bf48299ea7792e6891dfd267ad6013a34d307e
-
SHA256
6a75dfbdcc675d767cfaf741b25ff3e2527c6e9336febe0fb5b5a737a17d2c8c
-
SHA512
f5cf19ebf5a7ac7a14d8dc687df01d377653cab18d6c03228e0850485d0fb6d49d764eadef4ce7772a75655f62343f5776336ac42995edf592b597a69d45b451
-
SSDEEP
6144:pfe6Iq7LZgKRHNpfHb0AmhpJuxTQCIQHCZn5FBFOepDZzQJj/G4gx:JbZ7LZgSNpjsJPCIQo5jFR6jEx
Malware Config
Extracted
Protocol: smtp- Host:
mail.gandi.net - Port:
587 - Username:
[email protected] - Password:
@@yahoo.com@@
Targets
-
-
Target
caaf6e830cfe28f4cc5b097ab52d853b_JaffaCakes118
-
Size
328KB
-
MD5
caaf6e830cfe28f4cc5b097ab52d853b
-
SHA1
89bf48299ea7792e6891dfd267ad6013a34d307e
-
SHA256
6a75dfbdcc675d767cfaf741b25ff3e2527c6e9336febe0fb5b5a737a17d2c8c
-
SHA512
f5cf19ebf5a7ac7a14d8dc687df01d377653cab18d6c03228e0850485d0fb6d49d764eadef4ce7772a75655f62343f5776336ac42995edf592b597a69d45b451
-
SSDEEP
6144:pfe6Iq7LZgKRHNpfHb0AmhpJuxTQCIQHCZn5FBFOepDZzQJj/G4gx:JbZ7LZgSNpjsJPCIQo5jFR6jEx
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-