General

  • Target

    JaffaCakes118_2be18c63f8cf951237c2474c2084db28

  • Size

    413KB

  • Sample

    250227-j3wtes1xgt

  • MD5

    2be18c63f8cf951237c2474c2084db28

  • SHA1

    334f29b3d4fdc4b87c186faa0445e23517a1bbe3

  • SHA256

    f2b01932430280b7069c7ceaf5d1307acacea3694f78f87a83762ef7c30b1b6a

  • SHA512

    1c042e4717b187a5914059132ce7bd4e620a6ee184a6ba39411bbd693f7d9dd11685751a2c62d1cae25b116674d43e0e5b27f1521ecf354cf6513c19c075b120

  • SSDEEP

    12288:EOQmUOtktob2K5eO/dhQXGAdEMoUUec4nHrZr:amUOtkSa4ecQNdEMx

Malware Config

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Hawkeye family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks