General

  • Target

    JaffaCakes118_ee3b5472af95b20e0bd143ac09e8413f

  • Size

    251KB

  • Sample

    250212-h21kjs1qgk

  • MD5

    ee3b5472af95b20e0bd143ac09e8413f

  • SHA1

    ddfadbafc764c5fca1061afc8f510ec79fce5867

  • SHA256

    4a6cc24d3fc5162bd0892f6a15126f7c801f8e5631a8100901ff1b735dae5c6f

  • SHA512

    253993cdab6a79e4b3aac98b8ac7879ed188368514aa7a103a82cac3b971968a2f121aa094826a6e28908173113df1884f85523004e03da467d3b32c3fde4bdd

  • SSDEEP

    3072:x3tpH5vx16ClhTNAycOUXJ9lwLpTlW6hXWLLFpIB1HlrWVKW5J7f3e:x3rPltNAlOUXJ9lwLpFALPmhW0W372

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    classyu4

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Hawkeye family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other account data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
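The behaviours listed above (FTP-client and browser credential access, a Run key for persistence, outbound SMTP) are what an analyst would turn into host-based detection logic. The block below is an added example, not part of the sandbox report and not HawkEye's own code: a small Python pass over constructed endpoint telemetry that flags those behaviours per process and correlates them. The event shape, process names and file paths are assumptions made for illustration, not a real EDR or Sysmon log format.

```python
"""
Toy detection pass over constructed endpoint telemetry, modelled on the
behaviours a sandbox report lists for an infostealer: FTP-client and
browser credential access, Run-key persistence, SMTP exfiltration.
Event shapes, process names and paths are assumptions for illustration.
"""
from collections import defaultdict
import re

# Constructed events (not real telemetry). Each event names the acting
# process image and the object it touched.
EVENTS = [
    {"type": "file_read", "process": r"C:\Users\u\AppData\Roaming\winupd.exe",
     "path": r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"type": "file_read", "process": r"C:\Users\u\AppData\Roaming\winupd.exe",
     "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "reg_set", "process": r"C:\Users\u\AppData\Roaming\winupd.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\winupd"},
    {"type": "net_connect", "process": r"C:\Users\u\AppData\Roaming\winupd.exe",
     "dst": "smtp.gmail.com", "port": 587},
    # Benign activity that must not fire: FileZilla reads its own config,
    # Chrome reads its own credential store, a mail client speaks SMTP.
    {"type": "file_read", "process": r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     "path": r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"type": "file_read", "process": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "net_connect", "process": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "dst": "smtp.office365.com", "port": 587},
]

# Artefacts of interest. The FileZilla and browser file names are the real
# on-disk names; the process allow-lists are deliberately short assumptions.
FTP_CONFIG = re.compile(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I)
BROWSER_STORE = re.compile(r"\\(Login Data|logins\.json|key4\.db|Web Data)$", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.I)
SMTP_PORTS = {25, 465, 587}
FTP_OWNERS = {"filezilla.exe"}
BROWSER_OWNERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def basename(path):
    """Lower-cased image name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev):
    """Return a finding label for one event, or None if it looks benign."""
    proc = basename(ev["process"])
    kind = ev["type"]
    if kind == "file_read":
        if FTP_CONFIG.search(ev["path"]) and proc not in FTP_OWNERS:
            return "ftp_client_credential_access"
        if BROWSER_STORE.search(ev["path"]) and proc not in BROWSER_OWNERS:
            return "browser_credential_access"
    elif kind == "reg_set":
        # Persistence written by an image running from a user-writable dir.
        if RUN_KEY.search(ev["key"]) and USER_WRITABLE.search(ev["process"]):
            return "run_key_persistence_from_user_dir"
    elif kind == "net_connect":
        if ev["port"] in SMTP_PORTS and proc not in MAIL_CLIENTS:
            return "smtp_from_non_mail_client"
    return None


def findings(events):
    """Distinct finding labels per process image, sorted for stable output."""
    per_proc = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label:
            per_proc[ev["process"]].add(label)
    return {proc: sorted(labels) for proc, labels in per_proc.items()}


def infostealer_candidates(events, min_findings=2):
    """Processes that combine credential access with persistence or exfil."""
    return sorted(proc for proc, labels in findings(events).items()
                  if len(labels) >= min_findings)


if __name__ == "__main__":
    for proc, labels in findings(EVENTS).items():
        print(proc, labels)
    print("candidates:", infostealer_candidates(EVENTS))
```

The correlation step matters more than any single rule: a lone Run key or a lone SMTP connection is common on a workstation, but one image that reads FileZilla's sitemanager.xml, reads a browser credential store, persists via Run and then opens port 587 is the pattern the report above describes.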

MITRE ATT&CK Enterprise v15

Tasks