General
Target: dd5176d3f34ed52382017b21fc83c1b8_JaffaCakes118
Size: 3.1MB
Sample: 240406-gz5aaacd5z
MD5: dd5176d3f34ed52382017b21fc83c1b8
SHA1: a400fd621f973ef7167b6d066fe370c9a059fd86
SHA256: 6cd19cc6593f6e41ff6dfb9a976273b4b7d5ab9dcbcff4c8d71e866e26a56bfd
SHA512: 65633c867cd072a5781c9f7c5242cf141d6429cbed073ce608dc22a338bb1760e0e247e0b9f7feebdc04e14b4b53c76634d9e0fd42ef2975e30df8e97621d913
SSDEEP: 98304:+qXpy05Q0N1rsYSZ6BoXh1kkypSH3Oh5BemgElT:j405QYtsTEB08T8HehLvr1

Static task: static1
Behavioral task: behavioral1
Sample: dd5176d3f34ed52382017b21fc83c1b8_JaffaCakes118.exe
Resource: win7-20240221-en

Malware Config

Targets
Target: dd5176d3f34ed52382017b21fc83c1b8_JaffaCakes118
Signatures
- Modifies security service
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.