General
-
Target
014f745b0be3ee6a111b6ecf56b24554_JaffaCakes118
-
Size
498KB
-
Sample
240426-v8z9ksgf98
-
MD5
014f745b0be3ee6a111b6ecf56b24554
-
SHA1
b354b4de1c57c4343ed0b7ae736dd8f4061a2b7b
-
SHA256
2c9538aaf6058783ac6e7c6676769ba3904a584b0bbc8c475852b11096c3c368
-
SHA512
c5d432b856c073ed3935280a9f1286619247777e5ec2436b1481499bf3ad9598a0e9d6159bb71cf6d04e59dbac9bd29fad24bfe833fda5d0540790313201a863
-
SSDEEP
6144:RlaEB0JIK8L7svhBhavyzmBdFhM9gKvZffsOmPPrclIicU2e+tse5Mz0pzWBmF7P:7L0SbLmhDa6Cns9NpuUIile571gAd
Static task
static1
Behavioral task
behavioral1
Sample
014f745b0be3ee6a111b6ecf56b24554_JaffaCakes118.exe
Resource
win7-20240215-en
Malware Config
Extracted
vidar
31.7
517
http://naturestar.ac.ug/
-
profile_id
517
Targets
-
-
Target
014f745b0be3ee6a111b6ecf56b24554_JaffaCakes118
Vidar Stealer
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-