General
Target: f6ca0052f508770f499eaddb5dfdefa5_JaffaCakes118
Size: 715KB
Sample: 240417-29mhfaad6s
MD5: f6ca0052f508770f499eaddb5dfdefa5
SHA1: 83b1cdaa08b1e5c32b5baed55c22608ce9d01944
SHA256: 01dccd80e7c6948853bacb394d25995d5886f84c05bfbb506b4c5862d8221901
SHA512: cc6c3739d611d66a7b3aeb248212c97cad3341e989d0855dd2d960464b656eb2cb4facaff0bda95632d415e40d06f94af2e13c6105caa1263a9bfb4f21dde2d1
SSDEEP: 12288:8AIfVYIdFMXgcisxVmXldFPaNGhC5VMgSxLH49TWwp8u911p0ziyMtSUPaTfrgKy:2V5zMbiMVAlbPaNG2egFTW+8AsiAUPa6
Static task: static1
Behavioral task: behavioral1
  Sample: f6ca0052f508770f499eaddb5dfdefa5_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: f6ca0052f508770f499eaddb5dfdefa5_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: blustealer
Protocol: smtp
Host: restd.club
Port: 587
Username: [email protected]
Password: mQJrXsvkEb#S
Targets
Target: f6ca0052f508770f499eaddb5dfdefa5_JaffaCakes118
Score: 10/10
- Detect ZGRat V1
- Adds Run key to start application
- Suspicious use of SetThreadContext