General
Target: JaffaCakes118_6281ed2372cd4dbbcd8f3f7b6df0eba31365bd17552b37b76e4d843bb2176258
Size: 1.1MB
Sample: 241229-dl7xga1kaj
MD5: 1d9fb94e81473a27d654d308574416e0
SHA1: 2ff5db8d3599e11b3b8424d18376c2102270ab8e
SHA256: 6281ed2372cd4dbbcd8f3f7b6df0eba31365bd17552b37b76e4d843bb2176258
SHA512: 84cabb147a6c94b1dbf64e0f0eb153d5e38e7d5203d7ab0d31b42416fed0ab1314723eeb791eb547722bc5d4f29c22687efb016e40ddb2f2238efd3c4641a990
SSDEEP: 24576:ArOjQ3eKu3P184D/0aMra3pevR0NhiNIuDnNOD+4IdLXtB6wlMYGkyNNT:Ayc3eDP+paMOkDNZDnNOqLXv/lMhT
Static task: static1
Behavioral task: behavioral1
Sample: 93aacab7e09044795808ad1a0256c015271653ab0fe9d62785800c0f19ef1ad8.exe
Resource: win7-20241010-en
Malware Config
Targets
Target: 93aacab7e09044795808ad1a0256c015271653ab0fe9d62785800c0f19ef1ad8
Size: 1.4MB
MD5: 88ff54784a623dcd43bb8c22491a5398
SHA1: 873bb1426e0863be86a1df2d94ab33d8ac340d48
SHA256: 93aacab7e09044795808ad1a0256c015271653ab0fe9d62785800c0f19ef1ad8
SHA512: 7c8b75bbce1ebec485633b6b4d1e5e20cb295d0259e8d9fbd78c1ad72bb8bd2a7030cc517e12435d45cac144cf856bbaecb37a25e31f0157ddf1ca68af5074ef
SSDEEP: 24576:UFzZuCFA6bbLJl/8mJ8yg1SJqy3ekImJFHYzEWLnKRWu3/bGa3m6B:MZun6nTTJ81QqcekR4FLKRtqW
- Hawkeye family
- Detected NirSoft tools: free utilities often used by attackers, which can steal passwords, product keys, etc.
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext