General

  • Target

    d8a89adf2d14784fc5773577133c2bd4_JaffaCakes118

  • Size

    852KB

  • Sample

    240910-vmrqbawdkd

  • MD5

    d8a89adf2d14784fc5773577133c2bd4

  • SHA1

    51715d9a10778b06604cf1498a61c94c0366e290

  • SHA256

    5870c7521a5ac953330562a6a7821719e062f25ce0d0a93e285cedd788bc60fd

  • SHA512

    a4b890345e6934bd0b5a097bf1bca6decbe5810116680b1f25f514482d3b27eba5b898a4d2994800abb79d46e30636f0a4dffe2cc895af1ea7886979e492310e

  • SSDEEP

    12288:XkB6fFwTcGrcPvB1KB4uLqrcHRxjqUggAUpU/hQ8uN/SQhhif:XY6m4jB1KB4uV+Ugg5q2hbhUf

Malware Config

Extracted

Family

hawkeye_reborn

Targets

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can recover passwords, product keys, etc.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks