General
-
Target
28fbf26d76059fb5f277eaae5b7f894b_JaffaCakes118
-
Size
644KB
-
Sample
240509-jlkptsgb4w
-
MD5
28fbf26d76059fb5f277eaae5b7f894b
-
SHA1
8bf8f4ccadd44da372359a31598856e187dc5b1f
-
SHA256
97b1a0a2a2f05f22c3f9ac4152e34ad4d629c577ea9425020d5f8ce204d583d0
-
SHA512
2db87c5f04edbfee71575ca045dd96e694e75b0c84a7400e01ba429af44987052d7b7b694bdbc5ef808b917d1f39d6ab6f521b40d895e3c1d8da938450800660
-
SSDEEP
12288:q0wKEpZHDQi7vhMgWMzU9l9fDWmSsLbpnHrM8DoiQQWpH3UMQ9fp6zgJGE0:1Ejki75MTSCaaLbpnQ/zpU9ozMa
Static task
static1
Behavioral task
behavioral1
Sample
28fbf26d76059fb5f277eaae5b7f894b_JaffaCakes118.exe
Resource
win7-20231129-en
Malware Config
Extracted
Protocol: smtp- Host:
secure.emailsrvr.com - Port:
587 - Username:
[email protected] - Password:
Wako2j22#
Targets
-
-
Target
28fbf26d76059fb5f277eaae5b7f894b_JaffaCakes118
-
Size
644KB
-
MD5
28fbf26d76059fb5f277eaae5b7f894b
-
SHA1
8bf8f4ccadd44da372359a31598856e187dc5b1f
-
SHA256
97b1a0a2a2f05f22c3f9ac4152e34ad4d629c577ea9425020d5f8ce204d583d0
-
SHA512
2db87c5f04edbfee71575ca045dd96e694e75b0c84a7400e01ba429af44987052d7b7b694bdbc5ef808b917d1f39d6ab6f521b40d895e3c1d8da938450800660
-
SSDEEP
12288:q0wKEpZHDQi7vhMgWMzU9l9fDWmSsLbpnHrM8DoiQQWpH3UMQ9fp6zgJGE0:1Ejki75MTSCaaLbpnQ/zpU9ozMa
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-