General
-
Target
f7bbc60071623219f622b4e17e1f9cdc_JaffaCakes118
-
Size
197KB
-
Sample
240418-lpb8zahd44
-
MD5
f7bbc60071623219f622b4e17e1f9cdc
-
SHA1
cb11c5dc4a18271b5c1317d5117e6da8346975fc
-
SHA256
181e46988f3f2140a1b6cd772050bd22cd966d919a03dd9023fa0d51e71629a5
-
SHA512
3e0839d7c273da6283689769cab4ac1e0def92fbfbbc428dddbdc6cb7615c4232e9b59fe5e22a8d501cd66db9cc1ff8bbad55a5d46e76f8aabe203b16ed1bd75
-
SSDEEP
6144:mzFu/4SvNGh4VhmkTNPQTqsTT0Tebd1T80B1+:H/4SVGh4nRITigNB1+
Static task
static1
Behavioral task
behavioral1
Sample
f7bbc60071623219f622b4e17e1f9cdc_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f7bbc60071623219f622b4e17e1f9cdc_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
f7bbc60071623219f622b4e17e1f9cdc_JaffaCakes118
-
Score
10/10
-
StormKitty payload
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-