General
-
Target
207d960c0ac8ec72d7d9f56a5ccf5f34_JaffaCakes118
-
Size
1.1MB
-
Sample
240507-n2mxcahc99
-
MD5
207d960c0ac8ec72d7d9f56a5ccf5f34
-
SHA1
4d78705382b3957f64a99ecba7fda2b87f36bc79
-
SHA256
112390bb646fa1d763c3189bb4e70b90f815a268158f1d43144ecd15e0194a46
-
SHA512
f0f2b4d41f32f36aa0014159e706c7b1486a60108fb2bcc512d22a939e690efcb855c117feb2b57c12dd754b4842cf866d32c9b7843390449f6e36f0670b31f5
-
SSDEEP
12288:28yIy581Qv8yIy581QXZEq+a22jPwvDI2B8WnXYRLB2LsC3Lg9XgyAeX1+c:wn8m/n8mOq/dPwsO8CIRLrC6Q5
Static task
static1
Behavioral task
behavioral1
Sample
207d960c0ac8ec72d7d9f56a5ccf5f34_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
207d960c0ac8ec72d7d9f56a5ccf5f34_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
myrecords1248
Targets
-
-
Target
207d960c0ac8ec72d7d9f56a5ccf5f34_JaffaCakes118
-
Size
1.1MB
-
MD5
207d960c0ac8ec72d7d9f56a5ccf5f34
-
SHA1
4d78705382b3957f64a99ecba7fda2b87f36bc79
-
SHA256
112390bb646fa1d763c3189bb4e70b90f815a268158f1d43144ecd15e0194a46
-
SHA512
f0f2b4d41f32f36aa0014159e706c7b1486a60108fb2bcc512d22a939e690efcb855c117feb2b57c12dd754b4842cf866d32c9b7843390449f6e36f0670b31f5
-
SSDEEP
12288:28yIy581Qv8yIy581QXZEq+a22jPwvDI2B8WnXYRLB2LsC3Lg9XgyAeX1+c:wn8m/n8mOq/dPwsO8CIRLrC6Q5
-
Detect ZGRat V1
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-