General

Target: fd5dad667edc46daef933b35d05f8555_JaffaCakes118
Size: 581KB
Sample: 240420-w5lgpafc2w
MD5: fd5dad667edc46daef933b35d05f8555
SHA1: fe97457b62dc2b71ee3f442ca806f4e020475821
SHA256: e550ae31e23fc9e4f7b543263a85a075ff727690e17e735afd2b999640612be7
SHA512: d416f7d05ab37b2871c74d7c4d504c14eef08a27835c2250e2e38f1a4eba1e5f326e0b19778bbc4a017dfedd1d1ac9d510e651e7ba21d98e0b5df8784f83dd6d
SSDEEP: 12288:VhqxSLo5C1Ps4XhWT+trB8/2mQdShzITKYaztr8ybuRRssb8:VHLmCiIhju2FwQyDtsb8

Static task: static1
Behavioral task: behavioral1
Sample: fd5dad667edc46daef933b35d05f8555_JaffaCakes118.exe
Resource: win7-20240215-en

Malware Config

Extracted
Family: 44caliber
Exfiltration endpoint (Discord webhook): https://discord.com/api/webhooks/882699814805061663/t2OYL-mIrPiqG-u99L6kOBVeFW3ZztNOFcMlV1t3d2KjSF7XPZFr5kxG0S2tgFW28GHF
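The webhook above is the main network IOC in this report. The script below is an added example written for this page, not code from the sandbox or from the 44caliber project: it pulls Discord webhook URLs out of free text (proxy logs, `strings` output, a dumped config), dates each webhook from the timestamp embedded in its snowflake ID, redacts the token for sharing, and flags POSTs to the webhook as exfiltration candidates. The proxy-log excerpt inside it is constructed for the example; the webhook URL in that excerpt is the one extracted above, and the output field names are this script's own choice.

```python
"""Triage helper for the Discord-webhook IOC extracted above.

Added example for this report; it is not part of the sandbox page or of the
44caliber code base. Assumptions not stated on the page: the log lines in
SAMPLE_LOG are constructed for this example, and the output field names
(id, token, token_redacted, created_utc, url) are this script's own choice.
"""
import re
from datetime import datetime, timedelta, timezone

# Discord snowflake IDs encode a millisecond timestamp in their top 42 bits,
# relative to the Discord epoch, 2015-01-01T00:00:00Z (1420070400000 ms).
DISCORD_EPOCH_MS = 1420070400000
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Matches discord.com, discordapp.com and the canary/ptb hosts, with or without
# an API version segment. The token is the only credential a webhook has:
# anyone holding it can execute (POST to) or delete the webhook, so treat it as a secret.
WEBHOOK_RE = re.compile(
    r"https?://(?:canary\.|ptb\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{20,})"
)


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Return the UTC creation time encoded in a Discord snowflake."""
    ms_since_unix_epoch = (snowflake >> 22) + DISCORD_EPOCH_MS
    return UNIX_EPOCH + timedelta(milliseconds=ms_since_unix_epoch)


def redact_token(token: str, keep: int = 4) -> str:
    """Keep a short prefix so the IOC can be shared without handing out the secret."""
    return token[:keep] + "..."


def extract_webhooks(text: str) -> list:
    """Find Discord webhook URLs in arbitrary text and annotate each with its
    creation time, de-duplicated by webhook ID."""
    found, seen = [], set()
    for match in WEBHOOK_RE.finditer(text):
        webhook_id = int(match.group("id"))
        if webhook_id in seen:
            continue
        seen.add(webhook_id)
        found.append({
            "id": match.group("id"),
            "token": match.group("token"),
            "token_redacted": redact_token(match.group("token")),
            "created_utc": snowflake_to_datetime(webhook_id).isoformat(timespec="seconds"),
            "url": match.group(0),
        })
    return found


def suspicious_posts(log: str) -> list:
    """Return log lines that POST to a webhook: the direction a stealer uses to push
    collected data. Legitimate automation does the same, so corroborate with the
    host's other behaviour before acting on a hit."""
    return [line for line in log.splitlines()
            if " POST " in line and WEBHOOK_RE.search(line)]


# Constructed proxy-log excerpt (not from the sandbox run). The second line carries
# the webhook from this report's Malware Config; the others are benign Discord traffic.
SAMPLE_LOG = """\
2024-04-20T10:01:03Z 10.0.0.7 GET https://discord.com/assets/app.js 200
2024-04-20T10:01:05Z 10.0.0.7 POST https://discord.com/api/webhooks/882699814805061663/t2OYL-mIrPiqG-u99L6kOBVeFW3ZztNOFcMlV1t3d2KjSF7XPZFr5kxG0S2tgFW28GHF 204
2024-04-20T10:01:09Z 10.0.0.7 GET https://discord.com/api/v9/users/@me 401
"""

if __name__ == "__main__":
    for hook in extract_webhooks(SAMPLE_LOG):
        print(f"webhook id={hook['id']} created={hook['created_utc']} "
              f"token={hook['token_redacted']}")
    for line in suspicious_posts(SAMPLE_LOG):
        print("exfil candidate:", line)
```

Run it directly to print the annotated IOC. The decoded creation time is the webhook's, not the sample's: it tells you when the operator set up the channel, not when this build was compiled, so compare it with the report's submission date rather than treating it as a compile timestamp. Because the token grants both execute and delete rights on the webhook, circulate the redacted form internally and report the live URL to Discord rather than publishing it; a webhook whose unauthenticated GET returns 404 has already been removed.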

Targets

Target: fd5dad667edc46daef933b35d05f8555_JaffaCakes118
Size: 581KB
MD5: fd5dad667edc46daef933b35d05f8555
SHA1: fe97457b62dc2b71ee3f442ca806f4e020475821
SHA256: e550ae31e23fc9e4f7b543263a85a075ff727690e17e735afd2b999640612be7
SHA512: d416f7d05ab37b2871c74d7c4d504c14eef08a27835c2250e2e38f1a4eba1e5f326e0b19778bbc4a017dfedd1d1ac9d510e651e7ba21d98e0b5df8784f83dd6d
SSDEEP: 12288:VhqxSLo5C1Ps4XhWT+trB8/2mQdShzITKYaztr8ybuRRssb8:VHLmCiIhju2FwQyDtsb8

Signatures

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check that decides whether the stealer runs on a given victim.
- Executes dropped EXE: runs an executable that the sample first wrote to disk.
- Accesses cryptocurrency files/wallets, possible credential harvesting: reads files belonging to cryptocurrency wallets, consistent with the 44caliber stealer identified in the extracted config.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP; the lookup itself is benign traffic and is an indicator only in combination with the behaviours above.