General
Target: 0152209a56a27903b5a2989ab2d58c90_JaffaCakes118
Size: 774KB
Sample: 240426-wcq7gahf6v
MD5: 0152209a56a27903b5a2989ab2d58c90
SHA1: b6a78c20c7a717f419c0108c07edf5be80040b74
SHA256: 1464fd0d649ff94d2605a23be15f98cbf34bf7de56f571b370033f2a240f565e
SHA512: 2b8b7f2d3ad5227344be75d4363152773ecd4588b4895a3ff6cc7eefa0647a2c45f33288a778450e34310a526412286da4e3c9e81a2256d8782beb8e6e462ae7
SSDEEP: 12288:+C67adsKMDB+0fdDQcHGq2vERec+Qk3fPRq9CMI3tGJgwP1IRGP6g:+CxOdUOr2sRecb9ZptKg
Static task: static1
Behavioral task: behavioral1
  Sample: 0152209a56a27903b5a2989ab2d58c90_JaffaCakes118.exe
  Resource: win7-20240215-en
Malware Config
Extracted
Family: vidar
Version: 31.9
Botnet: 523
C2: http://seabreeze.ac.ug/
Attributes:
  profile_id: 523
Targets
Target: 0152209a56a27903b5a2989ab2d58c90_JaffaCakes118 (774KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures:
- Detect ZGRat V1
- Vidar Stealer
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
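The three behavioural signatures above are the ones a practitioner would most want to reproduce outside the sandbox. The script below is an added example, not Triage's signature code: it re-derives the three hits from an API-call trace. The trace format (one JSON object per line carrying pid, api and api-specific fields such as key, url and target_pid) is an assumption, the trace itself is constructed and not a capture of this sample, the set of IP-lookup hostnames is an assumed list, and the SetThreadContext rule is an assumed heuristic that only fires for a cross-process call into a process the sample already wrote into, which is the process-hollowing sequence (WriteProcessMemory, SetThreadContext, ResumeThread).

```python
"""Re-derive the page's three behavioural signatures from an API-call trace.

Added example, not Triage's own signature code. The trace format (one JSON
object per line with pid/api plus api-specific fields) is an assumption; the
list of IP-lookup hosts and the cross-process heuristic for SetThreadContext
are assumptions as well.
"""
import json
import re
from urllib.parse import urlsplit

# Constructed sample trace in the assumed format; it is not a capture from
# the sample on this page, only shaped like what a sandbox API monitor emits.
SAMPLE_TRACE = r"""
{"pid": 1234, "api": "RegOpenKeyExW", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"pid": 1234, "api": "RegEnumKeyExW", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", "index": 0}
{"pid": 1234, "api": "RegQueryValueExW", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}", "value": "DisplayName"}
{"pid": 1234, "api": "InternetOpenUrlA", "url": "http://ip-api.com/line/"}
{"pid": 1234, "api": "InternetOpenUrlA", "url": "http://seabreeze.ac.ug/"}
{"pid": 1234, "api": "CreateProcessW", "image": "C:\\Windows\\System32\\svchost.exe", "flags": 4, "child_pid": 1300}
{"pid": 1234, "api": "WriteProcessMemory", "target_pid": 1300}
{"pid": 1234, "api": "SetThreadContext", "target_pid": 1300}
{"pid": 1234, "api": "ResumeThread", "target_pid": 1300}
"""

# Registry path holding one subkey per installed product (Add/Remove Programs).
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)

# Assumed list of legitimate "what is my IP" services worth flagging.
IP_LOOKUP_HOSTS = {"ip-api.com", "api.ipify.org", "ipinfo.io",
                   "icanhazip.com", "ifconfig.me", "checkip.amazonaws.com"}

SIG_SOFTWARE = "Checks installed software on the system"
SIG_EXTIP = "Looks up external IP address via web service"
SIG_STC = "Suspicious use of SetThreadContext"


def parse_trace(text):
    """One JSON object per non-empty line -> list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events):
    """Return {signature name: [matching events]} for the three signatures."""
    hits = {}
    written_to = set()  # foreign pids the sample has written into so far
    for ev in events:
        api = ev.get("api", "")
        pid, target = ev.get("pid"), ev.get("target_pid")
        # Any registry call under the Uninstall key enumerates installed software.
        if api.startswith("Reg") and UNINSTALL_KEY.search(ev.get("key", "")):
            hits.setdefault(SIG_SOFTWARE, []).append(ev)
        # Any URL whose host is a known IP-lookup service.
        if "url" in ev and (urlsplit(ev["url"]).hostname or "").lower() in IP_LOOKUP_HOSTS:
            hits.setdefault(SIG_EXTIP, []).append(ev)
        if api == "WriteProcessMemory" and target is not None and target != pid:
            written_to.add(target)
        # Assumed heuristic: SetThreadContext is suspicious only when it targets
        # another process whose memory the sample already wrote (the hollowing
        # sequence WriteProcessMemory -> SetThreadContext -> ResumeThread);
        # same-process calls are left alone.
        if api == "SetThreadContext" and target != pid and target in written_to:
            hits.setdefault(SIG_STC, []).append(ev)
    return hits


if __name__ == "__main__":
    for name, evs in detect(parse_trace(SAMPLE_TRACE)).items():
        print(f"{name}: {len(evs)} event(s)")
```

Run against the constructed trace it reports three registry events, one IP-lookup URL (the C2 URL from the extracted config is not flagged, since seabreeze.ac.ug is not a lookup service) and one SetThreadContext hit; a SetThreadContext call into the caller's own process, or into a process that was never written to, produces no hit.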