General

  • Target

    JaffaCakes118_a0794597b8669e46158f61f765d4be73

  • Size

    1.1MB

  • Sample

    250407-xk8bds1xdz

  • MD5

    a0794597b8669e46158f61f765d4be73

  • SHA1

    3d170cdba22576b75e672317ef46711c44a2bfd6

  • SHA256

    fea5e0b53d49c7447019fe720bcd7019be94cf918c687021634ca12212d6f5f0

  • SHA512

    a11c72ce4913d532fecdd47da776c13c301d4201a69ceed1ff280f982f21224fe32a21e6106ba4db04e76698df2abc48fb3181c30e1f71f2701953f8f194ce98

  • SSDEEP

    24576:9JTV+zRlx0lQDe/QfgO/sqeAI8giImjRAPoYD6Q:rTgRtfEqeAA5m2gz

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Vajalik312
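The extracted configuration above is the most actionable artifact on this page: the sample exfiltrates over SMTP submission (port 587, STARTTLS), so the message body is encrypted on the wire but the connection itself is visible in host telemetry. The following is an added example, not part of the sandbox report or of HawkEye itself, that turns the extracted host and port into a host-level check over constructed network-connection records shaped loosely after Sysmon Event ID 3. The process paths, the mail-client allowlist and the events are assumptions made for illustration; the username is left out because the page shows it only in obfuscated form.

```python
# Added example (not from the sandbox report): flag processes that reach the
# extracted HawkEye exfil endpoint and are not known mail clients.
from dataclasses import dataclass

# Values taken from the "Extracted / Credentials" block of the report.
EXFIL_HOST = "smtp.gmail.com"
EXFIL_PORT = 587  # SMTP submission with STARTTLS: body encrypted, connection still visible

# Assumption: processes that legitimately submit mail to this host on this port.
# Paths are stored lower-case because NTFS path comparison is case-insensitive.
MAIL_CLIENT_ALLOWLIST = {
    r"c:\program files\mozilla thunderbird\thunderbird.exe",
    r"c:\program files\microsoft office\root\office16\outlook.exe",
}


@dataclass(frozen=True)
class NetEvent:
    image: str       # full path of the connecting process (Sysmon Image)
    dest_host: str   # resolved destination name (Sysmon DestinationHostname)
    dest_port: int
    user: str


# Constructed telemetry for illustration only: one legitimate mail client,
# one unknown binary running from the user's temp directory, one unrelated
# HTTPS connection. None of these records come from the sample's actual run.
SAMPLE_EVENTS = [
    NetEvent(r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe",
             "smtp.gmail.com", 587, r"WS01\alice"),
    NetEvent(r"C:\Users\alice\AppData\Local\Temp\update.exe",
             "smtp.gmail.com", 587, r"WS01\alice"),
    NetEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
             "www.example.com", 443, r"WS01\alice"),
]


def smtp_exfil_hits(events, host=EXFIL_HOST, port=EXFIL_PORT,
                    allowlist=MAIL_CLIENT_ALLOWLIST):
    """Return the events that connect to host:port from a process outside the
    mail-client allowlist. Matching is on the resolved hostname rather than
    an IP, because the addresses behind smtp.gmail.com change."""
    hits = []
    for ev in events:
        if ev.dest_host.lower() != host.lower() or ev.dest_port != port:
            continue
        if ev.image.lower() in allowlist:
            continue
        hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in smtp_exfil_hits(SAMPLE_EVENTS):
        print(f"possible HawkEye SMTP exfil: {ev.image} -> "
              f"{ev.dest_host}:{ev.dest_port} as {ev.user}")
```

Because the destination is a legitimate, widely used mail service, the destination alone is not a signal; the check keys on which process opens the connection. On a real host the same records can be pulled from Sysmon Event ID 3 (or Event ID 22 for the preceding DNS lookup) rather than constructed.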

Targets

    • Target

      JaffaCakes118_a0794597b8669e46158f61f765d4be73

    • Size

      1.1MB

    • MD5

      a0794597b8669e46158f61f765d4be73

    • SHA1

      3d170cdba22576b75e672317ef46711c44a2bfd6

    • SHA256

      fea5e0b53d49c7447019fe720bcd7019be94cf918c687021634ca12212d6f5f0

    • SHA512

      a11c72ce4913d532fecdd47da776c13c301d4201a69ceed1ff280f982f21224fe32a21e6106ba4db04e76698df2abc48fb3181c30e1f71f2701953f8f194ce98

    • SSDEEP

      24576:9JTV+zRlx0lQDe/QfgO/sqeAI8giImjRAPoYD6Q:rTgRtfEqeAA5m2gz

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Hawkeye family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running.

    • Deletes itself

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in unsecured files (MITRE ATT&CK T1552.001).

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Setting the thread context of another process is a common step in process hollowing and similar injection techniques.
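Several of the signatures above (dropped-EXE execution, the Run key, FTP client config access, self-deletion) can be reproduced from ordinary endpoint telemetry once the events are normalised. The block below is an added example, not part of the sandbox report: it maps constructed, normalised events to the report's own signature names. The event schema is an assumption; the comment on each type names the Windows or Sysmon event it would be derived from. File reads in particular are not logged by Sysmon and need object-access auditing (Security Event 4663) or an EDR sensor. All paths and records are constructed for illustration, not taken from the sample's run.

```python
# Added example (not from the sandbox report): classify constructed endpoint
# events into the behavioural signatures listed in the report.
import re
from collections import defaultdict

# HKCU/HKU ...\CurrentVersion\Run or RunOnce with a value name after it.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
    re.IGNORECASE)
# FileZilla keeps its site list and stored credentials under %APPDATA%\FileZilla.
FTP_CLIENT_RE = re.compile(
    r"\\AppData\\Roaming\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$",
    re.IGNORECASE)

# Constructed, normalised telemetry. "Type" indicates the source each record
# would come from: ProcessCreate <- Sysmon 1, FileCreate <- Sysmon 11,
# RegistrySet <- Sysmon 13, FileDelete <- Sysmon 23, FileRead <- Security 4663.
SAMPLE_EVENTS = [
    {"Type": "ProcessCreate", "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Type": "FileCreate", "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"Type": "ProcessCreate", "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ParentImage": r"C:\Users\alice\Downloads\invoice.exe"},
    {"Type": "RegistrySet", "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "Details": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"Type": "FileRead", "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"Type": "ProcessCreate", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\alice\Downloads\invoice.exe",
     "CommandLine": r'cmd.exe /c del "C:\Users\alice\Downloads\invoice.exe"'},
    {"Type": "FileDelete", "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\invoice.exe"},
    # Benign: FileZilla reading its own configuration must not fire.
    {"Type": "FileRead", "Image": r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
]


def _norm(path):
    return path.lower()


def classify(events):
    """Return {signature name: [evidence, ...]} for the behaviours seen."""
    hits = defaultdict(list)
    dropped = set()      # executables written by a process in the chain
    parent_of = {}       # image -> parent image, from ProcessCreate
    for ev in events:
        kind, img = ev["Type"], _norm(ev["Image"])
        if kind == "FileCreate" and _norm(ev["TargetFilename"]).endswith(".exe"):
            dropped.add(_norm(ev["TargetFilename"]))
        elif kind == "ProcessCreate":
            parent_of[img] = _norm(ev["ParentImage"])
            if img in dropped:
                hits["Executes dropped EXE"].append(ev["Image"])
        elif kind == "RegistrySet" and RUN_KEY_RE.search(ev["TargetObject"]):
            hits["Adds Run key to start application"].append(
                f'{ev["TargetObject"]} = {ev["Details"]}')
        elif kind == "FileRead" and FTP_CLIENT_RE.search(ev["TargetFilename"]):
            # The FTP client reading its own config is expected; anything else is not.
            if "filezilla" not in img.rsplit("\\", 1)[-1]:
                hits["Reads data files stored by FTP clients"].append(
                    f'{ev["Image"]} read {ev["TargetFilename"]}')
        elif kind == "FileDelete":
            target = _norm(ev["TargetFilename"])
            # A running image cannot unlink itself, so self-deletion usually
            # goes through a child (cmd.exe /c del <parent image>).
            if target == img or target == parent_of.get(img):
                hits["Deletes itself"].append(ev["TargetFilename"])
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in classify(SAMPLE_EVENTS).items():
        print(f"{name}:")
        for item in evidence:
            print(f"  {item}")
```

The order of events matters: the dropped-EXE and self-delete rules rely on state built from earlier ProcessCreate and FileCreate records, so feed the classifier a time-ordered stream. The SetThreadContext signature is deliberately absent here; it requires API-level monitoring that none of these event sources provide.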

MITRE ATT&CK Enterprise v15