Overview

overview

10

Static

static

3

d8a89adf2d...18.exe

windows7-x64

10

d8a89adf2d...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d8a89adf2d14784fc5773577133c2bd4_JaffaCakes118

  • Size

    852KB

  • Sample

    240910-vmrqbawdkd

  • MD5

    d8a89adf2d14784fc5773577133c2bd4

  • SHA1

    51715d9a10778b06604cf1498a61c94c0366e290

  • SHA256

    5870c7521a5ac953330562a6a7821719e062f25ce0d0a93e285cedd788bc60fd

  • SHA512

    a4b890345e6934bd0b5a097bf1bca6decbe5810116680b1f25f514482d3b27eba5b898a4d2994800abb79d46e30636f0a4dffe2cc895af1ea7886979e492310e

  • SSDEEP

    12288:XkB6fFwTcGrcPvB1KB4uLqrcHRxjqUggAUpU/hQ8uN/SQhhif:XY6m4jB1KB4uV+Ugg5q2hbhUf

Score
10/10
hawkeye_rebornm00nd3v_loggercollectioncredential_accessdiscoveryinfostealerkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Targets

    • Target

      d8a89adf2d14784fc5773577133c2bd4_JaffaCakes118

    • Size

      852KB

    • MD5

      d8a89adf2d14784fc5773577133c2bd4

    • SHA1

      51715d9a10778b06604cf1498a61c94c0366e290

    • SHA256

      5870c7521a5ac953330562a6a7821719e062f25ce0d0a93e285cedd788bc60fd

    • SHA512

      a4b890345e6934bd0b5a097bf1bca6decbe5810116680b1f25f514482d3b27eba5b898a4d2994800abb79d46e30636f0a4dffe2cc895af1ea7886979e492310e

    • SSDEEP

      12288:XkB6fFwTcGrcPvB1KB4uLqrcHRxjqUggAUpU/hQ8uN/SQhhif:XY6m4jB1KB4uV+Ugg5q2hbhUf

    Score
    10/10
    hawkeye_rebornm00nd3v_loggercollectioncredential_accessdiscoveryinfostealerkeyloggerspywarestealertrojan

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

      keyloggertrojanstealerspywarehawkeye_reborn

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

      stealerspywarem00nd3v_logger

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

      infostealer

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks