Extracted

• • Target

    f7978d432d1f4d99ad24568643704f88_JaffaCakes118

  • Size

    949KB

  • MD5

    f7978d432d1f4d99ad24568643704f88

  • SHA1

    fd86eb0f4a592d6be7200191aaa705592a4f631f

  • SHA256

    6d4075cae42df68f5e06799b799c60ecfccff4794277c67b00bc9009b3faf1e4

  • SHA512

    3ff3ba2b4c8e6cc282ff79255ec228386e48dc5f7d45208ba30a338992e46a1e72afc7d3f96d1b61ac4cbdbb8687f646cfdb95394873135386ca4f7dab38305b

  • SSDEEP

    12288:knWwI/AJjDTKTCGlZBBx1Vtl9Hx2hsAuyLdyrUNzYweqNoCoOL2VjA05e/hMXRY6:kWwZxKGon31Vtl3OsnWbu4plkPcYxG

  Score

  10^/10

  hawkeye_rebornm00nd3v_loggeragilenetdiscoveryinfostealerkeyloggerspywarestealertrojan

  • HawkEye Reborn

    HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    keyloggertrojanstealerspywarehawkeye_reborn

  • M00nd3v_Logger

    M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    stealerspywarem00nd3v_logger

  • Detected Nirsoft tools

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • M00nD3v Logger payload

    Detects M00nD3v Logger payload in memory.

    infostealer

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2