General

  • Target

    JaffaCakes118_2a0605fe6ee89eb3b394d0181b5d409bcbf08f9642082d196b51c7a0fc3bf6c8

  • Size

    282KB

  • Sample

    241222-l8zhlstpes

  • MD5

    ae6b234a8759fb218e24102837520f4c

  • SHA1

    bf3935fd05b5034e7af1c355e1bb74124e55e0cf

  • SHA256

    2a0605fe6ee89eb3b394d0181b5d409bcbf08f9642082d196b51c7a0fc3bf6c8

  • SHA512

    1f388e718b148a66bb19f452fafcd6de3ff90073dd7695930fb0f608062351d3c6b79a26c791f0c9f087a106607f590a8af26991a0a2aa046252cffaabba6ea2

  • SSDEEP

    6144:lbW4q/Q6by7mtt/SrIiyCz95BQ/L64vG20/CAU2XuEGUnfag:Vxq/Q6bfdWIiykS/mPCAU2+EGUnfH

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.mail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    FDGDFG34T43TT345T345TT3

Targets

    • Target

      fdf.bin

    • Size

      506KB

    • MD5

      f36535a73f8c6869ded283234f2a923f

    • SHA1

      9444e7fe027d743af732a27be3a4ae9dc0de1ced

    • SHA256

      23127973f0d6b1322ccf49e092cb5ff53e4859fb31ee6b09b6f9c8b5d3e19073

    • SHA512

      66e4af59d35a9f33cfe598c3664eb2e7d7f80ed54b6bc49ad97b3baec15accb78e4f926b6d6f921ece628381e85879a6ca435cbee6c74f60e3f4ba4235417fda

    • SSDEEP

      6144:WysbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9/II:rsQtqB5urTIoYWBQk1E+VF9mOx9t

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Hawkeye family

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks