General
Target: 46078a92c76ea26b8282dbfffbfb6f50_JaffaCakes118
Size: 801KB
Sample: 241015-fx73qa1clj
MD5: 46078a92c76ea26b8282dbfffbfb6f50
SHA1: 238d7d2f6077a1ccc73cba7b12be37d478eab802
SHA256: 76fa1d65c6ced79e3844d19963a029a47f0b9fc5f863d7322a1710e4fc36bdde
SHA512: cec0b0987af4b0fa40a3290ffe7a54c096dafeef085bc922ec8261cfd391afe1420e431070b32d37635a6c71a536d956ca6b02f8808b8d51e949207edb55dbd5
SSDEEP: 12288:rKKvDwmkDVo7nfaYE9ufvZRR5/dRV7F8pBnSJXvPD3EMz86ZDqqgqMt0E7yi:WKbHkRo7n9E9uZRR5/Z7qCUq8qDUz0i

Static task: static1
Behavioral task: behavioral1
Sample: 46078a92c76ea26b8282dbfffbfb6f50_JaffaCakes118.exe
Resource: win7-20240708-en
Detected Nirsoft tools: free utilities, often used by attackers, that can steal passwords, product keys, etc.
  NirSoft MailPassView: password recovery tool for various email clients
  NirSoft WebBrowserPassView: password recovery tool for various web browsers
Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Defense Evasion
  Modify Registry (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)