General
-
Target
fd53762321621f694b1ba500804cc93d_JaffaCakes118
-
Size
801KB
-
Sample
241218-158pfatqcx
-
MD5
fd53762321621f694b1ba500804cc93d
-
SHA1
7af2432a16f3e2a02d23e394e9a6879b53ff7730
-
SHA256
85222ea20ad14e30d272ea7f55daa18f40948206aa889f3fb738b886aa7694bd
-
SHA512
ea27a557437ea94b57765fbf9faba139a37b2aabd9ad8d83c2595f32e3a02645a337e52e9b3f2bf7e57489a926acfc1c7921d24e95f52fed0e3161c067b6c66f
-
SSDEEP
12288:vU18CRHGdpbC0tREGU6dtU79ETJbe8lHfEdnj8IBdXeuuZ3O:vQ8ZvbPtRssOGflajlBtSFO
Malware Config
Targets
-
-
Target
fd53762321621f694b1ba500804cc93d_JaffaCakes118
-
Size
801KB
-
MD5
fd53762321621f694b1ba500804cc93d
-
SHA1
7af2432a16f3e2a02d23e394e9a6879b53ff7730
-
SHA256
85222ea20ad14e30d272ea7f55daa18f40948206aa889f3fb738b886aa7694bd
-
SHA512
ea27a557437ea94b57765fbf9faba139a37b2aabd9ad8d83c2595f32e3a02645a337e52e9b3f2bf7e57489a926acfc1c7921d24e95f52fed0e3161c067b6c66f
-
SSDEEP
12288:vU18CRHGdpbC0tREGU6dtU79ETJbe8lHfEdnj8IBdXeuuZ3O:vQ8ZvbPtRssOGflajlBtSFO
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Hawkeye family
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1