General
Target: fa4a3e649b9517d608608f14aad9ee69_JaffaCakes118
Size: 984KB
Sample: 240927-m545cssapb
MD5: fa4a3e649b9517d608608f14aad9ee69
SHA1: acfdc71b72426d4c30b7c35ee53a95500fd141cc
SHA256: a5dbdb27dcecc2be689d43da2dcbeef99ff33e583b66ecb6bb2af78d356a1db7
SHA512: 4833e11ef74adc2e4b0084d08ab3f0105e6622b69ebdf432c030d045f51df6a5fb9f80e5eae38950f09558420df5f6f21bea4df8ca92a5fb37fb1509633ae47b
SSDEEP: 24576:ujGFezmC9scgM0VoFC417xjmopLmcFNj2tirYyl:/6mCuc/0VsC4ZxDpzl
Static task
static1

Behavioral task
behavioral1
Sample: fa4a3e649b9517d608608f14aad9ee69_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task
behavioral2
Sample: fa4a3e649b9517d608608f14aad9ee69_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: fa4a3e649b9517d608608f14aad9ee69_JaffaCakes118
  Size: 984KB
  MD5: fa4a3e649b9517d608608f14aad9ee69
  SHA1: acfdc71b72426d4c30b7c35ee53a95500fd141cc
  SHA256: a5dbdb27dcecc2be689d43da2dcbeef99ff33e583b66ecb6bb2af78d356a1db7
  SHA512: 4833e11ef74adc2e4b0084d08ab3f0105e6622b69ebdf432c030d045f51df6a5fb9f80e5eae38950f09558420df5f6f21bea4df8ca92a5fb37fb1509633ae47b
  SSDEEP: 24576:ujGFezmC9scgM0VoFC417xjmopLmcFNj2tirYyl:/6mCuc/0VsC4ZxDpzl
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext