General
-
Target
f72ed95e4a073f33f61492aa44922fe6_JaffaCakes118
-
Size
370KB
-
Sample
240926-a1yesszepf
-
MD5
f72ed95e4a073f33f61492aa44922fe6
-
SHA1
52c3d8a6f5c560ad9595a4f1469a3c834b25dfc7
-
SHA256
3c20a25596bccfb12d439e1da68109e024822b6dbb2f29d92efc08d606e277e6
-
SHA512
2da2cc075c1d8c5b277a553ed8bcff7b475993ddf958b8eaa1c42379112be78d649874b8629407139ec9f3befdf3b89e6c80b732db6001c2ea03fb339d84f7e3
-
SSDEEP
6144:QZy0cD9kQnjVtGoWezNmg9FWJIJiiY8A94hRkpCKDlCTQSN1oEkYbnN6SI/fc9G:rhTptGo6hiY8C4cg17ndDNyc9G
Malware Config
Targets
-
-
Target
cl_5284523690.exe
-
Size
700KB
-
MD5
4130727a922137b21679af3a165ffdf2
-
SHA1
09f54a503ac168951e1b43e9a15b54ba64b89a51
-
SHA256
ff0aad17f48a6a9c90c0481083e50bc61a475945433a3ff48710eacfd1c23867
-
SHA512
f02e28242de44299e432cfe6b5260ecdb456506e2697890a23d41291607777bb74f281b3085c45dcb94afbd44384d9a7b6e4fe85b5a412495eb4daf94597b9bc
-
SSDEEP
12288:0C9IefbtlX/fchIr8kDGuwG8VzQrcaFLatcLK6yLdNdH6CiH:dqPOGuwG8icaFLaSLKjjdaCi
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-