General
Target: eeb62173d7b2f4d2719c16b1dc2809fe_JaffaCakes118
Size: 574KB
Sample: 240412-at8xyshh83
MD5: eeb62173d7b2f4d2719c16b1dc2809fe
SHA1: acc4c9e1901a3fb601ce2f4e002023a2d8f3d556
SHA256: 6b9e4d4db87e97bddd7428853a603b4cf3de855b1016523bade50bc88904eca2
SHA512: 445ba6a41c46bcc86a815a6e293e40e5c7d9fddf91aaf0995791c30f55b0ef1c4fbf45a7a969c07226dcf8c12f2349d355186d11e196345add842cd2f55c7925
SSDEEP: 12288:1XW3sCPAMQi9JUK0cxlrS0R+gNrWL3hSh9ak87ti0WMRxwoO:1m8CPAduU5cxMHl3ho9ak87tdp
Static task: static1
Behavioral task: behavioral1
Sample: eeb62173d7b2f4d2719c16b1dc2809fe_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
cryptbot
haiezf32.top
morcyr03.top
-
payload_url
http://zelstb04.top/download.php?file=lv.exe
Targets
-
-
Target
eeb62173d7b2f4d2719c16b1dc2809fe_JaffaCakes118
-
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.