General
-
Target
JaffaCakes118_c988751b7a7b61ed8046d1ab2ae220a2c1adda5780edac81981963e6ea25177a
-
Size
520KB
-
Sample
241230-wkf2gavkct
-
MD5
18a9b3b072dcb77f3a21ddc795d5b1ee
-
SHA1
a4430a7259b543bb0d5dfaa26b93cca8eb43764f
-
SHA256
c988751b7a7b61ed8046d1ab2ae220a2c1adda5780edac81981963e6ea25177a
-
SHA512
eb1c320783402ac8363bb23da03bcb3289369fcd5e9415539135b0cb35e02cdbef9f6a3d689089d2f7ba0c74a6df24190a92754f4b5e81a67b6fe92f5f5cf505
-
SSDEEP
6144:XjunqewWEbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx/:FWEQtqB5urTIoYWBQk1E+VF9mOx9Ji
Malware Config
Targets
-
-
Target
JaffaCakes118_c988751b7a7b61ed8046d1ab2ae220a2c1adda5780edac81981963e6ea25177a
-
Size
520KB
-
MD5
18a9b3b072dcb77f3a21ddc795d5b1ee
-
SHA1
a4430a7259b543bb0d5dfaa26b93cca8eb43764f
-
SHA256
c988751b7a7b61ed8046d1ab2ae220a2c1adda5780edac81981963e6ea25177a
-
SHA512
eb1c320783402ac8363bb23da03bcb3289369fcd5e9415539135b0cb35e02cdbef9f6a3d689089d2f7ba0c74a6df24190a92754f4b5e81a67b6fe92f5f5cf505
-
SSDEEP
6144:XjunqewWEbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx/:FWEQtqB5urTIoYWBQk1E+VF9mOx9Ji
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Hawkeye family
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-