General
-
Target
2ba3cd628ff02e6db45ae46778560953_JaffaCakes118
-
Size
2.0MB
-
Sample
240509-zl1ztahb27
-
MD5
2ba3cd628ff02e6db45ae46778560953
-
SHA1
243a4d48ab4b6791c8bff0d58d878826f7dd9bec
-
SHA256
225d469955bed2ee317957e80a774ee37d51dd48fff41c5e8b75eb386bc9a666
-
SHA512
058c29447f73cab7115e0ce81bf43ac4bb3dd0fccd7da176ba03441770b25d4ff35239d3c0a67812d05c99d13c4b6d6e502233fedf6789a8f58ddd0099a3ccd9
-
SSDEEP
12288:q3mGI2uttEwDfl1o34BWQXyyTN0ebL9jObeIumkgVs4fyLh0jrBF1vpjlfBGHV4s:jX1rUm1bhaf9lqpIcN1H5
Static task
static1
Behavioral task
behavioral1
Sample
2ba3cd628ff02e6db45ae46778560953_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2ba3cd628ff02e6db45ae46778560953_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Target
2ba3cd628ff02e6db45ae46778560953_JaffaCakes118
-
Size
2.0MB
-
MD5
2ba3cd628ff02e6db45ae46778560953
-
SHA1
243a4d48ab4b6791c8bff0d58d878826f7dd9bec
-
SHA256
225d469955bed2ee317957e80a774ee37d51dd48fff41c5e8b75eb386bc9a666
-
SHA512
058c29447f73cab7115e0ce81bf43ac4bb3dd0fccd7da176ba03441770b25d4ff35239d3c0a67812d05c99d13c4b6d6e502233fedf6789a8f58ddd0099a3ccd9
-
SSDEEP
12288:q3mGI2uttEwDfl1o34BWQXyyTN0ebL9jObeIumkgVs4fyLh0jrBF1vpjlfBGHV4s:jX1rUm1bhaf9lqpIcN1H5
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
Looks for VirtualBox Guest Additions in registry
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-