General
Target: f73dd41db5387ae6adf513b910fb5f31_JaffaCakes118
Size: 1.0MB
Sample: 240926-bnemla1gpa
MD5: f73dd41db5387ae6adf513b910fb5f31
SHA1: fd35fef25fbf4b86d4cc6002ae8b8e75eb93f88d
SHA256: 3517771e81046985b5448cab505ed8f56053951c4f9528c0985ebee72ca4ce2f
SHA512: d9bc68852533ba11f92337ebf29245d67d1a7e28335019846ae2adf6105ebce9129b85741a456a231c33ad95c69149884bdce06f6b0a4295d832e13125afdb91
SSDEEP: 24576:ZZCMrC5FQo+gMAqugmTRIfzY5OImt7xtbN7xtmRzeHWxo/Gu3:ZZrC5FQ2rqu71IfzoONlxTxIvC
Static task: static1
Behavioral task: behavioral1
Sample: po 0015.exe
Resource: win7-20240708-en
Malware Config

Targets
Target: po 0015.exe
Size: 2.1MB
MD5: e4a10dbacce9731deeed9e14e2622bb0
SHA1: a509cd1c5f43611cc404a807d9ef4b9cc6305af0
SHA256: e80981f3e4b83bb695e8de9e7d823821d83e883de1fcb43662f81e9096ada1ed
SHA512: a2f8fb9040f3d0d384812796065c4f85be337d8a729132ee3e271e42ed36468643cf62946dd68b251b9ce0bd3e2ca0010c1e75b04ddd8449b5d3f7aa7c7fb5cf
SSDEEP: 24576:5AHnh+eWsN3skA4RV1Hom2KXMmHafBVVZTjxX4CmFM0xpLWKKL0pDWlhf5:Ah+ZkldoPK8Yaf1
Signatures
- Detected NirSoft tools: free utilities often used by attackers, which can steal passwords, product keys, etc.
  - NirSoft MailPassView: password recovery tool for various email clients
  - NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Uses the VBS compiler for execution: vbc.exe, the Visual Basic .NET compiler, is a signed Windows binary and a common host for injected code; a non-developer process launching it is itself worth alerting on.
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, so the destination is not a malicious domain and must be judged by which process makes the request.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual way to redirect execution into code written into a suspended process (process hollowing or thread hijacking); seen together with the vbc.exe launch above, it is consistent with that pattern, although the report does not show the injected payload.
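The signatures above describe behaviours, not indicators, so a detection has to correlate them per process: a non-build-tool parent spawning vbc.exe, that parent running from a user-writable path, and the vbc.exe child (or the parent) contacting an IP lookup service. The following is an added example written for this page, not part of the sandbox report or its signature engine; it scores Sysmon-style Event ID 1 (process create) and Event ID 3 (network connect) records. The event field names follow Sysmon's naming, the IP-lookup host list and build-tool parent list are assumed, illustrative sets, and every event in SAMPLE_EVENTS is constructed for the example rather than taken from the run.

```python
from collections import defaultdict

# Well-known "what is my IP" endpoints; assumed illustrative list, not from the report.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}
# Parents that legitimately launch the VB.NET compiler (build tooling); assumed list.
BUILD_TOOL_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}
# Path fragments indicating a user-writable location (lower-cased match).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def _name(path):
    """Basename of a Windows image path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def score_events(events):
    """Correlate Sysmon-style events (dicts) and score each candidate loader process.

    Returns {pid: {"image": str, "score": int, "reasons": [str, ...]}}, keyed by the
    PID of the process that spawned vbc.exe (the likely dropper/loader).
    """
    parent_of = {}   # child pid -> parent pid, learned from Event ID 1
    image_of = {}    # pid -> image path
    findings = defaultdict(lambda: {"image": "", "score": 0, "reasons": []})

    def add(pid, points, reason):
        f = findings[pid]
        f["image"] = image_of.get(pid, f["image"])
        f["score"] += points
        f["reasons"].append(reason)

    for ev in events:
        if ev["EventID"] == 1:
            parent_of[ev["ProcessId"]] = ev["ParentProcessId"]
            image_of[ev["ProcessId"]] = ev["Image"]
            image_of.setdefault(ev["ParentProcessId"], ev["ParentImage"])
            if _name(ev["Image"]) == "vbc.exe" and _name(ev["ParentImage"]) not in BUILD_TOOL_PARENTS:
                ppid = ev["ParentProcessId"]
                add(ppid, 2, f"vbc.exe spawned by non-build-tool parent {_name(ev['ParentImage'])}")
                if any(frag in ev["ParentImage"].lower() for frag in USER_WRITABLE):
                    add(ppid, 1, "parent runs from a user-writable path")
        elif ev["EventID"] == 3:
            if ev.get("DestinationHostname", "").lower() in IP_LOOKUP_HOSTS:
                pid = ev["ProcessId"]
                # A lookup made by a vbc.exe child is attributed to its parent (the loader).
                owner = parent_of.get(pid, pid) if _name(ev["Image"]) == "vbc.exe" else pid
                add(owner, 1, f"external IP lookup to {ev['DestinationHostname']} by {_name(ev['Image'])}")
    return dict(findings)


def flag(events, threshold=3):
    """Return [(pid, image, score, reasons)] at or above threshold, highest score first."""
    scored = score_events(events)
    hits = [(pid, f["image"], f["score"], f["reasons"]) for pid, f in scored.items() if f["score"] >= threshold]
    return sorted(hits, key=lambda h: -h[2])


# Constructed sample telemetry (not from the sandbox run): a loader in Downloads starts
# vbc.exe, which then contacts an IP lookup service; plus two benign events as controls.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1001, "Image": r"C:\Users\victim\Downloads\po 0015.exe",
     "ParentProcessId": 500, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 2002, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentProcessId": 1001, "ParentImage": r"C:\Users\victim\Downloads\po 0015.exe"},
    {"EventID": 3, "ProcessId": 2002, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "DestinationHostname": "checkip.dyndns.org", "DestinationPort": 80},
    {"EventID": 1, "ProcessId": 3003, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentProcessId": 3000, "ParentImage": r"C:\Program Files\Microsoft Visual Studio\MSBuild\MSBuild.exe"},
    {"EventID": 3, "ProcessId": 4004, "Image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "DestinationHostname": "www.example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for pid, image, score, reasons in flag(SAMPLE_EVENTS):
        print(f"pid {pid} {image} score={score}")
        for r in reasons:
            print("  -", r)
```

On the constructed events only the loader (pid 1001) is flagged, with all three reasons; the MSBuild-spawned vbc.exe and the browser connection score nothing. The IP-lookup check is deliberately worth a single point, since the destinations are legitimate services and only become meaningful next to the vbc.exe spawn.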