Overview

overview

10

Static

static

10

JaffaCakes...3c.exe

windows7-x64

7

JaffaCakes...3c.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6140f55019484357bd0d8ca5f063ce2ce8dbb4636973fdcb8d1c80f6bde8893c

  • Size

    548KB

  • Sample

    241230-gr2t7azqfz

  • MD5

    bf74b01fa21c53d0a869f55ae8b34c04

  • SHA1

    ce68d05bcdc00dddfa604ef56df4c2d6ed354689

  • SHA256

    6140f55019484357bd0d8ca5f063ce2ce8dbb4636973fdcb8d1c80f6bde8893c

  • SHA512

    2ab5f0006dfc302e1e2c53fe476605245a0708365f56dbe968a616ada7e6de274e8805477e969931e7067d545b9894adc848793753a4ee9028d089c6147556b8

  • SSDEEP

    12288:TMj8fpiX8SwsKDLXuwY3FfAdppJkH1ps9yHp2+nXgR/OJKKWJuQYynrL3LrJAFD9:9fA8SX

Score
10/10
hawkeye_rebornm00nd3v_loggercollectioninfostealerspywarestealer

Malware Config

Extracted

Family

hawkeye_reborn

Version

10.1.2.2

Credentials

  • Protocol:     smtp
  • Host:
    mail.bigmanstan.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    khalifa@2020
Mutex

70be1d40-ebc1-4ae6-b9ea-12c67f3d9a4a

Attributes
  • fields

    map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false _ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false _DisableRegEdit:false _DisableTaskManager:false _Disablers:false _EmailPassword:khalifa@2020 _EmailPort:587 _EmailSSL:false _EmailServer:mail.bigmanstan.com _EmailUsername:[email protected] _ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 _FakeMessageShow:false _FileBinder:false _HideFile:false _HistoryCleaner:false _Install:false _InstallLocation:0 _InstallStartup:false _InstallStartupPersistance:false _KeyStrokeLogger:false _LogInterval:10 _MeltFile:false _Mutex:70be1d40-ebc1-4ae6-b9ea-12c67f3d9a4a _PasswordStealer:true _ProcessElevation:false _ProcessProtection:false _ScreenshotLogger:false _SystemInfo:false _Version:10.1.2.2 _WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false _WebsiteVisitorVisible:false _ZoneID:false]

  • name

    HawkEye Keylogger - RebornX, Version=10.1.2.2, Culture=neutral, PublicKeyToken=null

Targets

    • Target

      JaffaCakes118_6140f55019484357bd0d8ca5f063ce2ce8dbb4636973fdcb8d1c80f6bde8893c

    • Size

      548KB

    • MD5

      bf74b01fa21c53d0a869f55ae8b34c04

    • SHA1

      ce68d05bcdc00dddfa604ef56df4c2d6ed354689

    • SHA256

      6140f55019484357bd0d8ca5f063ce2ce8dbb4636973fdcb8d1c80f6bde8893c

    • SHA512

      2ab5f0006dfc302e1e2c53fe476605245a0708365f56dbe968a616ada7e6de274e8805477e969931e7067d545b9894adc848793753a4ee9028d089c6147556b8

    • SSDEEP

      12288:TMj8fpiX8SwsKDLXuwY3FfAdppJkH1ps9yHp2+nXgR/OJKKWJuQYynrL3LrJAFD9:9fA8SX

    Score
    7/10
    collectionspywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks