General
-
Target
2f458c33db76f5a0cedacef12448de7a_JaffaCakes118
-
Size
1.8MB
-
Sample
240510-qe4mpagd2w
-
MD5
2f458c33db76f5a0cedacef12448de7a
-
SHA1
255009db52b3f7c248b531ccaaa92d06e87f0835
-
SHA256
76e5152fac663c8b62216087394df3516eb574686df01c77c85e27c7b9b531b4
-
SHA512
b815a34aad7e100aa493a4b4d05cb1379f28b0c4bd112675986945724aa4e47b434fc2de9a3efa0c0351559a6b7092463e59f97991f1e24e85f74187497a38a0
-
SSDEEP
24576:DZj28ewfikbzlKf8Y67OQGPrp0oB2PdEvNOSz3gPwB:FM3yJKsRcTB7vNHzV
Malware Config
Targets
-
-
Target
2f458c33db76f5a0cedacef12448de7a_JaffaCakes118
-
Size
1.8MB
-
MD5
2f458c33db76f5a0cedacef12448de7a
-
SHA1
255009db52b3f7c248b531ccaaa92d06e87f0835
-
SHA256
76e5152fac663c8b62216087394df3516eb574686df01c77c85e27c7b9b531b4
-
SHA512
b815a34aad7e100aa493a4b4d05cb1379f28b0c4bd112675986945724aa4e47b434fc2de9a3efa0c0351559a6b7092463e59f97991f1e24e85f74187497a38a0
-
SSDEEP
24576:DZj28ewfikbzlKf8Y67OQGPrp0oB2PdEvNOSz3gPwB:FM3yJKsRcTB7vNHzV
Score10/10-
AdWind
A Java-based RAT family operated as malware-as-a-service.
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Class file contains resources related to AdWind
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-