General
-
Target
dbc8b3569046c9122415431ad4911cec_JaffaCakes118
-
Size
1000KB
-
Sample
240912-eqft8a1akp
-
MD5
dbc8b3569046c9122415431ad4911cec
-
SHA1
acfaa25b229174d2c9189f1c8e38dccc7b5e5ff6
-
SHA256
5357401248b44ed57f3fe12fb604e47a3eba3e99111f7a5fb04b2385c386fb19
-
SHA512
23bd8691ede5ea92b161884d59aa6512f2ac23387b1078a03573b6d08cde01433ed19ccfb5ee67b5f147dbd8c9b6ad028d1d862868dfd3c13300b66d63c7f578
-
SSDEEP
24576:LSW6SIhZbWsv+6szFB8hxeKxgDziC79XNSXdPnd4:L9aMfHDMCnwq
Malware Config
Targets
-
-
Target
dbc8b3569046c9122415431ad4911cec_JaffaCakes118
-
Size
1000KB
-
MD5
dbc8b3569046c9122415431ad4911cec
-
SHA1
acfaa25b229174d2c9189f1c8e38dccc7b5e5ff6
-
SHA256
5357401248b44ed57f3fe12fb604e47a3eba3e99111f7a5fb04b2385c386fb19
-
SHA512
23bd8691ede5ea92b161884d59aa6512f2ac23387b1078a03573b6d08cde01433ed19ccfb5ee67b5f147dbd8c9b6ad028d1d862868dfd3c13300b66d63c7f578
-
SSDEEP
24576:LSW6SIhZbWsv+6szFB8hxeKxgDziC79XNSXdPnd4:L9aMfHDMCnwq
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-