General

Target: efa8a674ec587daa8b27235d35aa88b4_JaffaCakes118
Size: 814KB
Sample: 240921-m755fazajj
MD5: efa8a674ec587daa8b27235d35aa88b4
SHA1: 4201655698c49e0d2a3a657c47db0053faf8ea76
SHA256: 33f05806ab5437e453da7fbf2f5b09ccaf62b98ff22a487167134c728e20102f
SHA512: f3372a438ad1d9b81f421b17299f7a28e765bf2a82084e7661b10b7496138bf2a9982a58f1c2bd48580b3d37d6107514f9fc4be5a0afe366c95ef672fd1a9c26
SSDEEP: 12288:2QhA458jD9Idir4KOHpcLbVprODAU2/3gItbucXDFXrGCjHMqgA3+UOKOQo:vh5gu+7TrODAVgIlugA16EKn
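Before acting on a report like this, a practitioner normally confirms that the file in hand is the same object the sandbox analysed by recomputing the digests above and comparing all of them, not only MD5 (MD5 and SHA1 are collision-prone, so SHA256 is the value to match on). The Python below is an added example, not part of the report or of any sandbox tooling; the report's digests are copied in as constants, and the `digest_file` path argument and chunk size are assumptions. SSDEEP is omitted because it needs a third-party binding.

```python
import hashlib

# Digests published on the report page for this sample (copied from the General section).
REPORT_HASHES = {
    "md5": "efa8a674ec587daa8b27235d35aa88b4",
    "sha1": "4201655698c49e0d2a3a657c47db0053faf8ea76",
    "sha256": "33f05806ab5437e453da7fbf2f5b09ccaf62b98ff22a487167134c728e20102f",
    "sha512": "f3372a438ad1d9b81f421b17299f7a28e765bf2a82084e7661b10b7496138bf2a"
              "9982a58f1c2bd48580b3d37d6107514f9fc4be5a0afe366c95ef672fd1a9c26",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data):
    """Compute all four digests over an in-memory buffer; returns {alg: hexdigest}."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digest_file(path, chunk_size=1 << 20):
    """Stream a file through all four hash objects in one pass (no full read into memory).

    `path` is whatever local copy of the sample you are checking (assumed argument).
    """
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare_to_report(digests, report=REPORT_HASHES):
    """Per-algorithm comparison; a missing algorithm counts as a mismatch.

    A partial match (e.g. MD5 agrees, SHA256 does not) means either a transcription
    error on the report or a different file, and should never be treated as verified.
    """
    return {
        alg: digests.get(alg, "").lower() == expected.lower()
        for alg, expected in report.items()
    }


def verify(digests, report=REPORT_HASHES):
    """True only when every digest the report lists matches."""
    return all(compare_to_report(digests, report).values())


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-sample>
    result = compare_to_report(digest_file(sys.argv[1]))
    for alg, ok in result.items():
        print(f"{alg:7s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

The digests are computed in a single pass so a large sample is read once; requiring every listed digest to agree (rather than any one) is what makes the check meaningful, since an MD5-only match is exactly the case a collision would defeat.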
Static task: static1

Behavioral task: behavioral1
  Sample: efa8a674ec587daa8b27235d35aa88b4_JaffaCakes118.exe
  Resource: win7-20240729-en

Behavioral task: behavioral2
  Sample: efa8a674ec587daa8b27235d35aa88b4_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config

Extracted: hawkeye_reborn (family name only; the fields/name table on the page is empty, so no configuration values were recovered)
Targets

Target: efa8a674ec587daa8b27235d35aa88b4_JaffaCakes118 (814KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures

HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit, a .NET keylogger and credential stealer.

M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger that targets saved passwords in browsers and email clients.

Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check (the sample can refuse to run, or change behaviour, in particular countries).

Drops startup file
Writes a file to a location that is executed at logon (typically the Startup folder), giving the sample persistence.

Looks up external IP address via web service
Queries a legitimate public IP-lookup service to learn the infected system's external IP address. Because the service itself is benign, the destination is a weak indicator on its own and is best combined with the other signatures.

Suspicious use of SetThreadContext
SetThreadContext is rarely needed by ordinary applications; it is a core step of process hollowing and related code-injection techniques, where a suspended thread's context (including its instruction pointer) is rewritten to point at injected code.
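The signature names above are the sandbox's verdicts; the detection logic below is an added example (not the sandbox's own rules or output) showing how each verdict maps to concrete API-call indicators. The trace format (`pid|api|args`), the sample trace itself, the list of IP-lookup hosts, and the registry and Startup-folder paths are all constructed for the example; the geofence check assumes the usual `HKCU\Control Panel\International\Geo` location. Since SetThreadContext on its own is also used by debuggers, the block additionally looks for the ordered suspend/write/set-context/resume chain that characterises process hollowing, which goes beyond what the single signature name states.

```python
from urllib.parse import urlparse

# Constructed trace (not real sandbox output): one API call per line as "pid|api|args".
# Pids, paths and the hollowing target "C:\Example\host.exe" are placeholders.
SAMPLE_TRACE = """\
1234|RegOpenKeyExW|HKEY_CURRENT_USER\\Control Panel\\International\\Geo
1234|RegQueryValueExW|Nation
1234|InternetOpenUrlA|http://checkip.dyndns.org/
1234|CreateFileW|C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.exe
1234|CreateProcessW|C:\\Example\\host.exe flags=CREATE_SUSPENDED
1234|WriteProcessMemory|pid=5678
1234|SetThreadContext|tid=5679
1234|ResumeThread|tid=5679
"""

# Assumed starter list of public "what is my IP" services; extend it from your own telemetry.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io", "ip-api.com"}

SIG_GEO = "Checks computer location settings"
SIG_IP = "Looks up external IP address via web service"
SIG_STARTUP = "Drops startup file"
SIG_STC = "Suspicious use of SetThreadContext"
SIG_HOLLOW = "Process hollowing sequence (heuristic)"


def parse_trace(text):
    """Parse the constructed 'pid|api|args' format into (pid, api, args) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, args = line.split("|", 2)
        events.append((int(pid), api, args))
    return events


def _host_of(args):
    """Host for a URL argument, or the raw argument for APIs that take a bare hostname."""
    try:
        host = urlparse(args).hostname
    except ValueError:
        host = None
    return (host or args.strip()).lower()


def classify(events):
    """Return the sorted list of signature names triggered by an event list."""
    hits = set()
    hollow = 0  # 0 idle, 1 suspended process created, 2 memory written, 3 context set
    for _pid, api, args in events:
        a = args.lower()
        # Geofence: reading the GeoID/country value under Control Panel\International (assumed key).
        if api.startswith("RegOpenKeyEx") and "control panel\\international" in a:
            hits.add(SIG_GEO)
        # External IP lookup: a request whose host is a known public IP-echo service.
        if api.startswith(("InternetOpenUrl", "InternetConnect", "WinHttpConnect")) \
                and _host_of(args) in IP_LOOKUP_HOSTS:
            hits.add(SIG_IP)
        # Persistence: a file created under any user's or the common Startup folder.
        if api.startswith("CreateFile") and "\\start menu\\programs\\startup\\" in a:
            hits.add(SIG_STARTUP)
        # The bare signature: any SetThreadContext call at all.
        if api == "SetThreadContext":
            hits.add(SIG_STC)
        # Stronger signal: the ordered hollowing chain. Debuggers also call
        # SetThreadContext, but not in this sequence against a process they just spawned suspended.
        if api.startswith("CreateProcess") and "create_suspended" in a:
            hollow = 1
        elif hollow == 1 and api == "WriteProcessMemory":
            hollow = 2
        elif hollow == 2 and api == "SetThreadContext":
            hollow = 3
        elif hollow == 3 and api == "ResumeThread":
            hits.add(SIG_HOLLOW)
            hollow = 0
    return sorted(hits)


if __name__ == "__main__":
    for sig in classify(parse_trace(SAMPLE_TRACE)):
        print(sig)
```

The per-line checks reproduce the report's four behavioural signatures; the small state machine shows why "suspicious use of SetThreadContext" is worth escalating when it sits inside a suspended-process/write/resume chain, and why the same call seen in isolation deserves a lower score.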