General

  • Target

    179b219afa2ac15b14affd399273148b_JaffaCakes118

  • Size

    700KB

  • Sample

    241006-lwzmvasbmb

  • MD5

    179b219afa2ac15b14affd399273148b

  • SHA1

    00c21b3b3400b2296d773966630f5a2a9f325652

  • SHA256

    590397ffebbc978f25e3d0c1faefcd710a6321884f1155f450f148e1fee3062b

  • SHA512

    1ae8c495c1394b6e79887f481699f6b00f9f9209df5beb5732f12bb6adbbc702ade681db5a980d11818621ad5bfaebb16ace58141dd9e4470766fa60cfe8d560

  • SSDEEP

    12288:qFDv2ytr/45N0jZ3D3seqRxQaB7tOHoUvBK:qFyyBQiB3zq3Qu7tOBw

Malware Config

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks