Extracted

Extracted

• • Target

    f52ab247321a7ce8b83f8ccf9511cfd8_JaffaCakes118

  • Size

    742KB

  • MD5

    f52ab247321a7ce8b83f8ccf9511cfd8

  • SHA1

    84010fbc63cc59d908db261f706f8065e903a72d

  • SHA256

    3ff6a400208079709780ba2f7ed1f79e2ca1e114f5b0732ed8aaa990d3b4329e

  • SHA512

    43ee1dfa4d40a757cbfe5b6a7aa3c5ae454f8bf45341aab01e011f0f4680bffe4193a223aca9e2e4c3da5f8ddcda00e4eede60d22758473b7f0e96395a0eaf1f

  • SSDEEP

    12288:lDT40cglZGEfkxeQkVPeYb4HB8zZMS4YaPt7FQUxoKAHCH2n1fVxAd5pjL:140cg+WkYPe04HCN17aF7JxoKAi6dxAF

  Score

  10^/10

  hawkeye_rebornm00nd3v_loggeragilenetcollectiondiscoveryinfostealerkeyloggerpersistencespywarestealertrojan

  • HawkEye Reborn

    HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    keyloggertrojanstealerspywarehawkeye_reborn

  • M00nd3v_Logger

    M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    stealerspywarem00nd3v_logger

  • Detected Nirsoft tools

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • M00nD3v Logger payload

    Detects M00nD3v Logger payload in memory.

    infostealer

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2