General
Target: f79e2ec35038ead23e7dd5bc7bc59ef6_JaffaCakes118
Size: 752KB
Sample: 240418-j8fpdsfh26
MD5: f79e2ec35038ead23e7dd5bc7bc59ef6
SHA1: 7d59a1e8569d238767517b4bbb2ad4319a85cb63
SHA256: 648dee15c3a9f15fefd07511703768076d59e1afe718902af4266668428c40b4
SHA512: e518a12b870b55ca041afd7a265be352a6ca7c814108d0202ec52383a16c8622e6589e37503662ba83a83171e20206146907d605dd195edbffe27adce9c2d6c7
SSDEEP: 12288:Ls/AlvrMoB7UqB7Q1KLLHO6Wzvdq/CEQwNDrjtf+O73vO9M3xB4s0z:SITMoJi1KLszlYxN3G9yBA
Static task: static1
Behavioral task: behavioral1
Sample: f79e2ec35038ead23e7dd5bc7bc59ef6_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f79e2ec35038ead23e7dd5bc7bc59ef6_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Accesses Microsoft Outlook accounts
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-