General
-
Target
cd96259b9189e052c883dc4e0ea04a4d_JaffaCakes118
-
Size
709KB
-
Sample
240831-zq23nsvenh
-
MD5
cd96259b9189e052c883dc4e0ea04a4d
-
SHA1
4e1102fdc589a27a854734ddb1d678b6697ea085
-
SHA256
d361d08a3107ddf107ee9cebd0e28d4befb15784d2c213ca97e171af851e1e7e
-
SHA512
e79738e6e458855c490242018f70cd55c0e2ae7d2c5a7afaa4bbf81f0a5b397ce70c264ac66a910c481a0d97b56cd6625c8a8dbe4c4e4c74c140d4c0f5053674
-
SSDEEP
12288:oXdrm3V4v1rZrnKkDFULgrvBe0nSLG8YRKcu5lISAFdNDMIV+09Us3AK:oXdruA1pnKTyFSL8buzcFdx3V9V
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
ilovemymama301
Targets
-
-
Target
cd96259b9189e052c883dc4e0ea04a4d_JaffaCakes118
-
Size
709KB
-
MD5
cd96259b9189e052c883dc4e0ea04a4d
-
SHA1
4e1102fdc589a27a854734ddb1d678b6697ea085
-
SHA256
d361d08a3107ddf107ee9cebd0e28d4befb15784d2c213ca97e171af851e1e7e
-
SHA512
e79738e6e458855c490242018f70cd55c0e2ae7d2c5a7afaa4bbf81f0a5b397ce70c264ac66a910c481a0d97b56cd6625c8a8dbe4c4e4c74c140d4c0f5053674
-
SSDEEP
12288:oXdrm3V4v1rZrnKkDFULgrvBe0nSLG8YRKcu5lISAFdNDMIV+09Us3AK:oXdruA1pnKTyFSL8buzcFdx3V9V
Score10/10-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
M00nD3v Logger payload
Detects M00nD3v Logger payload in memory.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-