General
Target: f2bd0df5311675a26219beb6a7ecf4c3_JaffaCakes118
Size: 1.5MB
Sample: 240416-flam3sbg9z
MD5: f2bd0df5311675a26219beb6a7ecf4c3
SHA1: a7bd8e4857dfbb5186f822868422a25628c8981c
SHA256: 20f73e57b047b1b45f2537f0780b17cd5ad2324a60bacfd05ebf796f8ff51da3
SHA512: 756052c3ddce25b2987464d01f2532ecd1b876ee279a2ac6c09cb725819bcfcb986dc1ad029747ccef27ab284c25c252151f9fb5ceecaa6b6d6fe7f7075bf14d
SSDEEP: 24576:KGFBn/Vm6itNg/LpSxvsfC3KIZGhbOvYbCXOg8EpGw65lMuwDS14fbUaEmAlUEFn:FFBnNmlCjoxZZdvYbCXOTzwWvwG10bC+
Static task: static1
Behavioral task: behavioral1
  Sample: f2bd0df5311675a26219beb6a7ecf4c3_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f2bd0df5311675a26219beb6a7ecf4c3_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
cryptbot
  ewazda75.top
  moraiw07.top
  payload_url: http://winfyn10.top/download.php?file=lv.exe
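The extracted config above gives three network indicators (the two domains listed under cryptbot and the host of the payload URL), and the General section gives the file hashes. The script below is an added example, not part of the sandbox report and not the sandbox vendor's code: it turns those indicators into a matcher that is run over a handful of constructed DNS and HTTP proxy log lines (the log format and the client IPs are assumptions for illustration), and it checks a byte string against the report's MD5/SHA1/SHA256 so a local file can be confirmed as the same sample before anything is concluded from this report.

```python
"""IOC matching for the extracted CryptBot config on this page.

Added example, not part of the sandbox report. The indicators (two domains
and the payload URL) and the hashes are copied from the report; the log
lines below are constructed for illustration and use an assumed format.
"""
import hashlib
import re
from urllib.parse import urlparse

# Domains listed under "cryptbot" in the extracted config, plus the payload URL.
CONFIG_DOMAINS = {"ewazda75.top", "moraiw07.top"}
PAYLOAD_URL = "http://winfyn10.top/download.php?file=lv.exe"

# File hashes from the report's General section (SHA512 omitted for brevity).
REPORT_HASHES = {
    "md5": "f2bd0df5311675a26219beb6a7ecf4c3",
    "sha1": "a7bd8e4857dfbb5186f822868422a25628c8981c",
    "sha256": "20f73e57b047b1b45f2537f0780b17cd5ad2324a60bacfd05ebf796f8ff51da3",
}


def ioc_domains():
    """All domains worth watching: the config domains plus the payload host."""
    return CONFIG_DOMAINS | {urlparse(PAYLOAD_URL).hostname}


def _host_matches(host, iocs):
    # Exact match or subdomain match (e.g. cdn.ewazda75.top), never a bare
    # substring match, so "notewazda75.top" does not fire.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)


# Constructed log lines (assumed DNS / HTTP proxy format, not from the report).
SAMPLE_LOGS = [
    "2024-04-16T10:01:02 dns query=update.microsoft.com client=10.0.0.5",
    "2024-04-16T10:01:05 dns query=ewazda75.top client=10.0.0.5",
    "2024-04-16T10:01:07 http GET http://winfyn10.top/download.php?file=lv.exe client=10.0.0.5",
    "2024-04-16T10:01:09 dns query=notewazda75.top client=10.0.0.9",
]

DNS_RE = re.compile(r"dns query=(?P<host>\S+) client=(?P<client>\S+)")
HTTP_RE = re.compile(r"http (?P<method>\S+) (?P<url>\S+) client=(?P<client>\S+)")


def match_logs(lines, iocs=None):
    """Return (line_index, client, reason) for every line that hits an IOC."""
    iocs = iocs or ioc_domains()
    hits = []
    for i, line in enumerate(lines):
        m = DNS_RE.search(line)
        if m and _host_matches(m["host"], iocs):
            hits.append((i, m["client"], "dns:" + m["host"]))
            continue
        m = HTTP_RE.search(line)
        if m:
            url = m["url"]
            host = urlparse(url).hostname or ""
            if url == PAYLOAD_URL:
                # The exact download URL is a stronger signal than the host alone.
                hits.append((i, m["client"], "payload_url"))
            elif _host_matches(host, iocs):
                hits.append((i, m["client"], "http:" + host))
    return hits


def hashes_of(data):
    """Compute the same digests the report lists, for a local file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data):
    """True only when every listed digest of the given bytes matches the report."""
    return hashes_of(data) == REPORT_HASHES


if __name__ == "__main__":
    for hit in match_logs(SAMPLE_LOGS):
        print(hit)
    # Constructed placeholder bytes, obviously not the sample itself.
    print(matches_report(b"not the sample"))
```

The domain check uses exact or subdomain matching rather than substring matching; the fourth constructed line (`notewazda75.top`) is there to show that a naive `in` test would produce a false positive. Pair the payload URL with the host match: the full URL seen in a proxy log is a much stronger indicator than a lookup of `winfyn10.top` on its own.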
Targets
Target: f2bd0df5311675a26219beb6a7ecf4c3_JaffaCakes118
Score: 10/10
Signatures:
- CryptBot payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.