General
-
Target
JaffaCakes118_63040b4c483df22af01c4659c1ae0dc0
-
Size
788KB
-
Sample
250102-gfjjgayndj
-
MD5
63040b4c483df22af01c4659c1ae0dc0
-
SHA1
901f6ad682380ea200810bf98110c126d9994a61
-
SHA256
4d5ff6f7df6b06b9ba5b874b692dffa6aab1641c9afd28323e3811b0a58340a9
-
SHA512
f31b794b21470b07aaf9d761130161dee7072495e8c8cb15fa237a4ba98b58bb253de00d3133e5a3b272e0d9959801d61594459a164b33df3bf2f0bc3ba9b45e
-
SSDEEP
24576:MHE3Se7R/MH01iTcKVO2H8irIzaNUrwmG:YECh01Ch0uNK
Malware Config
Targets
-
-
Target
JaffaCakes118_63040b4c483df22af01c4659c1ae0dc0
-
Size
788KB
-
MD5
63040b4c483df22af01c4659c1ae0dc0
-
SHA1
901f6ad682380ea200810bf98110c126d9994a61
-
SHA256
4d5ff6f7df6b06b9ba5b874b692dffa6aab1641c9afd28323e3811b0a58340a9
-
SHA512
f31b794b21470b07aaf9d761130161dee7072495e8c8cb15fa237a4ba98b58bb253de00d3133e5a3b272e0d9959801d61594459a164b33df3bf2f0bc3ba9b45e
-
SSDEEP
24576:MHE3Se7R/MH01iTcKVO2H8irIzaNUrwmG:YECh01Ch0uNK
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Hawkeye family
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1