General
-
Target
f537fb649351697bab504875a6376248_JaffaCakes118
-
Size
970KB
-
Sample
240925-fesv3swcqq
-
MD5
f537fb649351697bab504875a6376248
-
SHA1
a1172ce706c7cfe515bcc7d5bdc0fd4331229c68
-
SHA256
88db5475450967cf49cc6f8f167e0f4fdf0a52e098ec696d778d5b6a272958c5
-
SHA512
8a98705dbaf60d842a985c8529db8f3d48a1cc4ddf15f910f275be2d6c663b26c7ecfa63ce274e97dba21edc876997165f163a99dc01cacca9a78f0ec69b12c5
-
SSDEEP
24576:xoJb8qGbsCV4HJb31EpJZYDTDO7ctLHu:xEoT3KTEJZYDT6YtLH
Malware Config
Targets
-
-
Target
f537fb649351697bab504875a6376248_JaffaCakes118
-
Size
970KB
-
MD5
f537fb649351697bab504875a6376248
-
SHA1
a1172ce706c7cfe515bcc7d5bdc0fd4331229c68
-
SHA256
88db5475450967cf49cc6f8f167e0f4fdf0a52e098ec696d778d5b6a272958c5
-
SHA512
8a98705dbaf60d842a985c8529db8f3d48a1cc4ddf15f910f275be2d6c663b26c7ecfa63ce274e97dba21edc876997165f163a99dc01cacca9a78f0ec69b12c5
-
SSDEEP
24576:xoJb8qGbsCV4HJb31EpJZYDTDO7ctLHu:xEoT3KTEJZYDT6YtLH
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-