Extracted

• • Target

    7a37bbfded2f8c36adb7820529d69d4f_JaffaCakes118

  • Size

    532KB

  • MD5

    7a37bbfded2f8c36adb7820529d69d4f

  • SHA1

    0f51acf6e8c345b8641c645e2a5601c8c7b764e7

  • SHA256

    1bd551139010cf4fb74317bb2dff9abe6c9a6b1a1de7f73366c56bb13bc193b3

  • SHA512

    0229fb7c34ac6fdcc8e7fd98bbba805f3ab4079d78fb8c93208f7d66a50c1e071d9fa58564ab4c58a7c65f4452d5de69eeadf62ef28cbda4f0aacc2605b5ea97

  • SSDEEP

    12288:vHbypWk+AdCcQ0OEg+H8rj4h4F85nnqnnnnIeN8rnnnnJLeqLt:vbyp/0cun+CjxQqnIzrnnJLeqLt

  Score

  10^/10

  hawkeyecredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye

  • Hawkeye family

    hawkeye

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2