General
Target: eb749e44a75448c807d0af28f8b83e66_JaffaCakes118
Size: 623KB
Sample: 240410-tlv6nsgf6w
MD5: eb749e44a75448c807d0af28f8b83e66
SHA1: f00ecf94d2ca07d843242b23b1d6e9f92d80c0ce
SHA256: 56086c245c079cb9345f744d6c352931877ea6aa2286950f9451d3ec372d6e19
SHA512: f8ee99ab474ba6b797a2d5eddc1245080ff3272576fcdc3bfc5c9d32154ac2b20ddf0939fc98f2d4e66e81f89582f0a0e8a92996896bc29fc478cdd40a3b60c4
SSDEEP: 12288:eKOR/0vrmf7SehkqWtVHd/me+NI7E7936QNq3PDQw2k:q/0vwkBtVHd/mNNS/DQ
Static task: static1
Behavioral task: behavioral1
Sample: eb749e44a75448c807d0af28f8b83e66_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
cryptbot
bunopq12.top
morkix01.top
payload_url: http://tobdol01.top/download.php?file=lv.exe
Targets
Target: eb749e44a75448c807d0af28f8b83e66_JaffaCakes118
CryptBot payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.