General

  • Target

    df0b5abf528e0925d0cf90ccc159c567_JaffaCakes118

  • Size

    913KB

  • Sample

    241210-3yzjaszqek

  • MD5

    df0b5abf528e0925d0cf90ccc159c567

  • SHA1

    dd7f4db19020579e4a9b762d3f882b173c8cf402

  • SHA256

    a3bfdd98f65f02ba196383e6fae84207354b0d77caa8eeebe7297ee616be078e

  • SHA512

    689a068ef47b5fff11a9a1ae0fedec6983a88bec6469ad26626a01f358d534f59d288aebc0b727f1ba556598ccb550b81c9c6c731f0968c9564275c69d18773e

  • SSDEEP

    12288:s4CkZcRCL0jfWsMIQyrFd44UxWf31zvAD/Fnm1sKQiXv1GLx+DYUvW8sRLK:sxM0jfGyb4lAfl7mmjQNwDY4S

Malware Config

Extracted

Family

hawkeye_reborn

Targets

    • Target

      df0b5abf528e0925d0cf90ccc159c567_JaffaCakes118

    • HawkEye Reborn

      HawkEye Reborn is an enhanced version of the HawkEye malware kit.

    • Hawkeye_reborn family

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nd3v_logger family

    • Detected Nirsoft tools

      Free utilities often used by attackers that can steal passwords, product keys, etc.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks