General
Target: fce7019d461b378d7cc1d96f37f56004_JaffaCakes118
Size: 720KB
Sample: 240928-w73trazfmp
MD5: fce7019d461b378d7cc1d96f37f56004
SHA1: 019d28c018d87a5b78d380e92baf50393245a943
SHA256: 25be1e3cc1e7ee510907603e5c3acd96bafde8967d75d760c7c506913e7e5a91
SHA512: f8c7ef0937232e16863e65798292058c5a3c80010f663e318f65e8ed9098b1bbce5ab56cefd2670fb4547029cadf8bb1e13fa6d1b21ae20f4fee62b45e52ce95
SSDEEP: 12288:vgsF2XmM98Rt8LoNZ3QxxwhWIEdT1eyUw8vC4EKxQnqki47Uer:4sF2XmIJ8RwxwhWI4eyUnvCexQqjG

Static task: static1
Behavioral task: behavioral1
Sample: fce7019d461b378d7cc1d96f37f56004_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: xfxhhmwudgbrdktb
Targets
Target: fce7019d461b378d7cc1d96f37f56004_JaffaCakes118 (same file and hashes as in General above)
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-