General
-
Target
f951d45431b09d1dda8fc9aae3010c8a_JaffaCakes118
-
Size
563KB
-
Sample
240419-c4t8naed83
-
MD5
f951d45431b09d1dda8fc9aae3010c8a
-
SHA1
6b80c3d5c77848063ba634dcbf9fe7ad06a448eb
-
SHA256
2fefd5947e1f310af3f6b3e1aef0c12ff3d5eed25beda92531a7a76e7fb1639e
-
SHA512
d3022aa083a4f7fb8081052cc8e88b25b069eafb0a8c01718f13c334fd7209a19f841fed73a2826e356a32da932d40807078acbf681b022f83ec38b605997937
-
SSDEEP
12288:EiYco+gunQUBCEAWfykqVNe3U24eoz8LWy5:ENZunQU1aVNe3U24QLWy5
Static task
static1
Behavioral task
behavioral1
Sample
f951d45431b09d1dda8fc9aae3010c8a_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f951d45431b09d1dda8fc9aae3010c8a_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: azerty789
Targets
-
Target
f951d45431b09d1dda8fc9aae3010c8a_JaffaCakes118
-
Size
563KB
-
MD5
f951d45431b09d1dda8fc9aae3010c8a
-
SHA1
6b80c3d5c77848063ba634dcbf9fe7ad06a448eb
-
SHA256
2fefd5947e1f310af3f6b3e1aef0c12ff3d5eed25beda92531a7a76e7fb1639e
-
SHA512
d3022aa083a4f7fb8081052cc8e88b25b069eafb0a8c01718f13c334fd7209a19f841fed73a2826e356a32da932d40807078acbf681b022f83ec38b605997937
-
SSDEEP
12288:EiYco+gunQUBCEAWfykqVNe3U24eoz8LWy5:ENZunQU1aVNe3U24QLWy5
Score
10/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-