General
-
Target
e651dca5c850451cdba7f25cbb4134e7_JaffaCakes118
-
Size
900KB
-
Sample
240917-h73xvs1drm
-
MD5
e651dca5c850451cdba7f25cbb4134e7
-
SHA1
a01c81c2f6c8eb29506d19a99841befd4df88307
-
SHA256
82d47333e7318f0d2378e167c78aa01cd5be84996a084929c28877de45819fd4
-
SHA512
380ac7da294cc78c2e5fb2643aa3a3371904a46fe6f001eddaf713e35ad0efa4bf4294c134627fd962779bf2ab0a2e9afe10cc04097c7b4fc88b69f91881fab0
-
SSDEEP
24576:VrdHfzCHBR2FzywRw3xwj+7x6di+d3BG7ug5dmZMFJldSruOY6CM:DzCHBRonRw3xm66Fd3BG7ug5deMFJld
Malware Config
Targets
-
-
Target
e651dca5c850451cdba7f25cbb4134e7_JaffaCakes118
-
Size
900KB
-
MD5
e651dca5c850451cdba7f25cbb4134e7
-
SHA1
a01c81c2f6c8eb29506d19a99841befd4df88307
-
SHA256
82d47333e7318f0d2378e167c78aa01cd5be84996a084929c28877de45819fd4
-
SHA512
380ac7da294cc78c2e5fb2643aa3a3371904a46fe6f001eddaf713e35ad0efa4bf4294c134627fd962779bf2ab0a2e9afe10cc04097c7b4fc88b69f91881fab0
-
SSDEEP
24576:VrdHfzCHBR2FzywRw3xwj+7x6di+d3BG7ug5dmZMFJldSruOY6CM:DzCHBRonRw3xm66Fd3BG7ug5deMFJld
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-