General

Target: 2834a729314ab5b1974b197bc018f7e4_JaffaCakes118
Size: 316KB
Sample: 240509-ejd22shd7z
MD5: 2834a729314ab5b1974b197bc018f7e4
SHA1: 1a5c9350da60924a461940ac767a2e47795170c0
SHA256: aebc8e1a7d4035ad751230943d64dfa0f0bb6db96dbb5a5610e82c4c533dab27
SHA512: 9815275b0b80c9f9c077f18f1047b649eb70ced287806bd0209e221e6d6f1aa3181c727b7638f225f4ce5c4c4b52c930b93e965fab7e7ea8a1d665996194c103
SSDEEP: 6144:zDxoL+RNKPMsLjYtfG+bs081MdP5BP4qjSSHhrsUZkf4c:nuwNKPMsLjSIlMdHO0r5dc
Static task: static1
Behavioral task: behavioral1
  Sample: 2834a729314ab5b1974b197bc018f7e4_JaffaCakes118.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 2834a729314ab5b1974b197bc018f7e4_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config

Extracted
Family: fickerstealer
C2: gzgbnserv639.xyz:80
Targets

Target: 2834a729314ab5b1974b197bc018f7e4_JaffaCakes118
Size: 316KB
Score: 10/10

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. The report does not name the service.

Suspicious use of SetThreadContext
Rewriting another thread's context is a common step in process hollowing and similar injection techniques; the signature flags the API use, not a confirmed injection.
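As an added example that is not part of this report or of the sandbox's own tooling: a small Python triage helper that embeds the hashes and the extracted C2 (gzgbnserv639.xyz:80) from this report, checks whether a file on disk is this sample, and scans time-ordered proxy-style log lines for the two network behaviours the report describes, an external-IP lookup followed by contact with the C2. The log line format, the sample log lines and the list of IP-lookup services are constructed assumptions; the report does not say which lookup service the sample used.

```python
"""Triage helper built from the IOCs in the sandbox report above.

Added example, not part of the report or the sandbox's own tooling.
Assumptions (not from the report): the log line format, the sample
log content, and the list of public IP-lookup services.
"""
import hashlib
from collections import defaultdict

# Hashes copied from the report's General section.
IOC_HASHES = {
    "md5": "2834a729314ab5b1974b197bc018f7e4",
    "sha1": "1a5c9350da60924a461940ac767a2e47795170c0",
    "sha256": "aebc8e1a7d4035ad751230943d64dfa0f0bb6db96dbb5a5610e82c4c533dab27",
    "sha512": "9815275b0b80c9f9c077f18f1047b649eb70ced287806bd0209e221e6d6f1aa3"
              "181c727b7638f225f4ce5c4c4b52c930b93e965fab7e7ea8a1d665996194c103",
}
# Extracted fickerstealer C2 from the report.
C2_HOST, C2_PORT = "gzgbnserv639.xyz", 80

# Assumption: the report only says "a legitimate IP lookup service";
# these are common public ones worth putting on a watchlist.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ifconfig.me", "icanhazip.com"}


def hash_bytes(data):
    """Hex digests of an in-memory buffer, one per algorithm in IOC_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Same digests for a file on disk, streamed so large files are fine."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests):
    """Names of the report hashes that the given digests match (empty if none)."""
    return sorted(name for name, value in IOC_HASHES.items() if digests.get(name) == value)


def parse_log_line(line):
    """Constructed log shape: '<timestamp> <src_ip> <dst_host> <dst_port>'."""
    ts, src, dst, port = line.split()
    return ts, src, dst.lower(), int(port)


def scan_log(lines):
    """Per source IP, flag an external-IP lookup, C2 contact, and the
    report's sequence (lookup first, then C2). Lines must be time-ordered."""
    findings = defaultdict(lambda: {"ip_lookup": False, "c2": False, "c2_after_lookup": False})
    for line in lines:
        _, src, dst, port = parse_log_line(line)
        if dst in IP_LOOKUP_HOSTS:
            findings[src]["ip_lookup"] = True
        if dst == C2_HOST and port == C2_PORT:
            hit = findings[src]
            hit["c2"] = True
            hit["c2_after_lookup"] = hit["c2_after_lookup"] or hit["ip_lookup"]
    return dict(findings)


SAMPLE_LOG = [  # constructed lines, not taken from the report
    "2024-05-09T10:00:01Z 10.0.0.5 api.ipify.org 443",
    "2024-05-09T10:00:03Z 10.0.0.5 gzgbnserv639.xyz 80",
    "2024-05-09T10:00:09Z 10.0.0.7 www.example.com 443",
    "2024-05-09T10:00:11Z 10.0.0.9 gzgbnserv639.xyz 80",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, match_hashes(hash_file(path)) or "no match")
    for src, flags in scan_log(SAMPLE_LOG).items():
        print(src, flags)
```

Only the host that performed the IP lookup before reaching the C2 gets the full sequence flag; a host that only contacts gzgbnserv639.xyz:80 is still reported, since the C2 alone is a hard indicator. Run it with one or more file paths to compare those files against the report's hashes.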