General

Target: 13b38a0a468aa0fed7fa03f726f4725c_JaffaCakes118
Size: 801KB
Sample: 241004-rmhkvssgla
MD5: 13b38a0a468aa0fed7fa03f726f4725c
SHA1: c3273a6bca7b37a4a8f4473b8283774713914c38
SHA256: a33160a1cbc3a3abcd1330dc8cba9cb99fee6f6061a9a143b47a4b3597e969a6
SHA512: c901507061757293eee77013a2bca3ce66dadfa52c075f551b34006eab5d5e560f4a77d040f564adb4538257aa71ce67b3098cfbde9672691d7dc6a48f8a99d7
SSDEEP: 12288:wMOiyaD1GhnYzIsd561es4hTfTsA/H1AtMkpOh8Vd5ikI9iVpl8am7/6b5KpSSiN:H9yaD1e+pvTfTsY3aOeF8ms6bGSSu

Static task: static1
Behavioral task: behavioral1
Sample: 13b38a0a468aa0fed7fa03f726f4725c_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: 13b38a0a468aa0fed7fa03f726f4725c_JaffaCakes118
Size: 801KB
- Detected Nirsoft tools: free utilities often used by attackers which can steal passwords, product keys, etc.
  - NirSoft MailPassView: password recovery tool for various email clients
  - NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Execution
- Command and Scripting Interpreter (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)

Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)