General
-
Target
cefb106ee5ff2b03c70dc1f77a502e66_JaffaCakes118
-
Size
912KB
-
Sample
240906-h5pmfstarp
-
MD5
cefb106ee5ff2b03c70dc1f77a502e66
-
SHA1
8398fc5b143a69711cf85ed343a538525a934acc
-
SHA256
89d2fb6fb4b468502238ac972392a0e062e07316ae48049f07a40fb01c38a4ed
-
SHA512
88f70236e3ed55e20f4d08385ab4c5c2a7e5669a5ce1c76a6af3d75d08edd5bd17eb6a59ea65adb5e155cad7abde6b96de1d5ffc4258b21315156e7377e20f1d
-
SSDEEP
24576:GjpwfjodwlV1wCNn+dHPq5PsbxNZMsOK63ecj+p4M7dgM3V:spw2CVuRPqlszOKKFj+pl7dD3
Malware Config
Targets
-
-
Target
cefb106ee5ff2b03c70dc1f77a502e66_JaffaCakes118
-
Size
912KB
-
MD5
cefb106ee5ff2b03c70dc1f77a502e66
-
SHA1
8398fc5b143a69711cf85ed343a538525a934acc
-
SHA256
89d2fb6fb4b468502238ac972392a0e062e07316ae48049f07a40fb01c38a4ed
-
SHA512
88f70236e3ed55e20f4d08385ab4c5c2a7e5669a5ce1c76a6af3d75d08edd5bd17eb6a59ea65adb5e155cad7abde6b96de1d5ffc4258b21315156e7377e20f1d
-
SSDEEP
24576:GjpwfjodwlV1wCNn+dHPq5PsbxNZMsOK63ecj+p4M7dgM3V:spw2CVuRPqlszOKKFj+pl7dD3
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-