General
-
Target
188debc6e602735db40b63dc7842be48_JaffaCakes118
-
Size
1.2MB
-
Sample
240505-vfxyraaf28
-
MD5
188debc6e602735db40b63dc7842be48
-
SHA1
41b2f74e2d4bda6378da829c8f486338d439c2ed
-
SHA256
2619a7f6787412012ec4d3eb0bf909aa9b34d2c0a94d35af5a2b05baa21ea5ae
-
SHA512
22625eef4d106b1dd3b1c2d45f072710fdf805c07cd122f222c5e9d10618df40a7324655620c676995629224158308895edb8699a06bad66a5c429cd6a10791f
-
SSDEEP
12288:mEc4Zs866fwoPuMwBmfBPYqqHPWiLWOfVHtbIw6AOvTwuyH3kV3YzGJ:mEcy0sHWmpPQWiLWOX2TD3YzG
Static task
static1
Behavioral task
behavioral1
Sample
188debc6e602735db40b63dc7842be48_JaffaCakes118.msi
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
188debc6e602735db40b63dc7842be48_JaffaCakes118.msi
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
188debc6e602735db40b63dc7842be48_JaffaCakes118
-
Size
1.2MB
-
MD5
188debc6e602735db40b63dc7842be48
-
SHA1
41b2f74e2d4bda6378da829c8f486338d439c2ed
-
SHA256
2619a7f6787412012ec4d3eb0bf909aa9b34d2c0a94d35af5a2b05baa21ea5ae
-
SHA512
22625eef4d106b1dd3b1c2d45f072710fdf805c07cd122f222c5e9d10618df40a7324655620c676995629224158308895edb8699a06bad66a5c429cd6a10791f
-
SSDEEP
12288:mEc4Zs866fwoPuMwBmfBPYqqHPWiLWOfVHtbIw6AOvTwuyH3kV3YzGJ:mEcy0sHWmpPQWiLWOX2TD3YzG
Score10/10-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-