General
- Target: ed4d2e0f901bc478be16d3dad0d02792_JaffaCakes118
- Size: 992KB
- Sample: 240411-nepsesde3z
- MD5: ed4d2e0f901bc478be16d3dad0d02792
- SHA1: 7bce6d0d9ae6f72eb4ce37128be889206949cb3e
- SHA256: 959e3ca2579b6be8a11c06763c5a34ec118abc96d869e25bef06319c92da465e
- SHA512: 06ebd3e5039307c1e42eaaa9d449a300d2909c87811483ab737d72e47c1cffc4eba943b71744118d0c87ac129e58e0bb7c1632abc30540436014b2ff36ec25cf
- SSDEEP: 24576:UE0lHcgqgh7/0tgIugNw6GQlGDI/NKZ/Y:UEw8gXYzVtGQVNC/Y
Static task: static1
Behavioral task: behavioral1
- Sample: ed4d2e0f901bc478be16d3dad0d02792_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: ed4d2e0f901bc478be16d3dad0d02792_JaffaCakes118.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: azorult
- http://195.245.112.115/index.php
Extracted: raccoon
- 1.7.3
- fe25b858c52ebb889260990dc343e5dbcf4a96e4
- url4cnc: https://telete.in/brikitiki
Extracted: oski
- danielmax.ac.ug
Targets
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Raccoon Stealer V1 payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext