General
-
Target
e667be12287ccb2fddbc1644e0b4ec76_JaffaCakes118
-
Size
768KB
-
Sample
240408-cqf4wadh7w
-
MD5
e667be12287ccb2fddbc1644e0b4ec76
-
SHA1
7b4a31d9d7cef13d648b3fa51c547fcb23c66b8d
-
SHA256
c6145d071ca19409a854d7c94cd3da92a50db5561a747ea29fda9e7a734678f1
-
SHA512
82ecef0e88aca89efac381dde32f201553b8a770e480ba9c851c493fd6fa2e10a4eac933581b0e61269a3f653748a8688c87493a316a3de84ae0081cfaa4cd59
-
SSDEEP
12288:k0B3qFl33VV2yJYhm1M4GBJQnX1cOW1y40KJnmSjLbzAqMCvKOnxEuui:nBKf20wmy4IZv1V06nmSLzAzF8xEX
Static task
static1
Behavioral task
behavioral1
Sample
e667be12287ccb2fddbc1644e0b4ec76_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
cryptbot
ewadmw53.top
morexn05.top
-
payload_url
http://winorm07.top/download.php?file=lv.exe
Targets
-
-
Target
e667be12287ccb2fddbc1644e0b4ec76_JaffaCakes118
-
Size
768KB
-
MD5
e667be12287ccb2fddbc1644e0b4ec76
-
SHA1
7b4a31d9d7cef13d648b3fa51c547fcb23c66b8d
-
SHA256
c6145d071ca19409a854d7c94cd3da92a50db5561a747ea29fda9e7a734678f1
-
SHA512
82ecef0e88aca89efac381dde32f201553b8a770e480ba9c851c493fd6fa2e10a4eac933581b0e61269a3f653748a8688c87493a316a3de84ae0081cfaa4cd59
-
SSDEEP
12288:k0B3qFl33VV2yJYhm1M4GBJQnX1cOW1y40KJnmSjLbzAqMCvKOnxEuui:nBKf20wmy4IZv1V06nmSLzAzF8xEX
-
CryptBot payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-