General
-
Target
25c880e42986f666ea40d453b8ca50d7_JaffaCakes118
-
Size
9.9MB
-
Sample
240508-vpyxeaha39
-
MD5
25c880e42986f666ea40d453b8ca50d7
-
SHA1
4514a3188a0b21a3b19403bb3a85cb0f2ae62b57
-
SHA256
1646331b093169cd5e9ec62eede112a7166a3ac589e852b742c7eda1a819aef3
-
SHA512
116d77eb1fcf20659fe2dbc79ec5a13a4f75a857d4106c7adff189c2d0ba488e560badb5ed6507818f20f66ae265c8e419398e62d231105f008c60bbf468591b
-
SSDEEP
196608:YSVoLA2CkJ39onJ5hrZER2M+ENFJzFcguY48RmU/3ZlsPv+WD5DTY/R8CMe+YYu0:6c69c5hlER2MRFJzFcguYtN3ZW7w7Mu
Behavioral task
behavioral1
Sample
25c880e42986f666ea40d453b8ca50d7_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
main.pyc
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
25c880e42986f666ea40d453b8ca50d7_JaffaCakes118
-
Size
9.9MB
-
MD5
25c880e42986f666ea40d453b8ca50d7
-
SHA1
4514a3188a0b21a3b19403bb3a85cb0f2ae62b57
-
SHA256
1646331b093169cd5e9ec62eede112a7166a3ac589e852b742c7eda1a819aef3
-
SHA512
116d77eb1fcf20659fe2dbc79ec5a13a4f75a857d4106c7adff189c2d0ba488e560badb5ed6507818f20f66ae265c8e419398e62d231105f008c60bbf468591b
-
SSDEEP
196608:YSVoLA2CkJ39onJ5hrZER2M+ENFJzFcguY48RmU/3ZlsPv+WD5DTY/R8CMe+YYu0:6c69c5hlER2MRFJzFcguYtN3ZW7w7Mu
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
main.pyc
-
Size
8KB
-
MD5
d65cb5dc205bd058dd89b4a1824a0d64
-
SHA1
15b6417b8d923e8ae942c8becc39fecb3ad02351
-
SHA256
9cefac34d6d454878f4c6df8473dc2aea59d447d426a96b73c6a2e69eabc5a34
-
SHA512
99e78570bc5c23fc9f67e7f5a13ca1bec1fbb74278839d549ccbbf2e19f33b4199561f1818aca610992cc6275888c588979b64bab744469580326124f4257110
-
SSDEEP
192:ebOQAI7Q7AnCs0SVRVcw1NKenuskQk17VL9m7N0x8PSeoJ0255Wq0Yq:OAIcsCNStcw1NFnNzk1ZL9mmxkSeoG02
Score3/10 -