General
-
Target
3050f4e4954811a6c0b01a429706a4f7_JaffaCakes118
-
Size
525KB
-
Sample
240510-wgb84sch69
-
MD5
3050f4e4954811a6c0b01a429706a4f7
-
SHA1
b45715196d8302c56610cd95b2b246169391aa68
-
SHA256
19877426654096d35fa4a46656f35207fa19b3657c50c284cf601332243b9199
-
SHA512
a2c45736c6b71cfcdf78bc7e840a17428ad5f1e23167bf7dbef48289317e93580c46ec65b6e8d7ded625f4d1024498ac2fd908cb2b47c15aa7fa6fcb74d69130
-
SSDEEP
12288:ioQp2RoELtccvIjP9845Ss/krM6D8aSUAZph8ZAEMjoFzlmjs:7nbvS9840ssIGbSUArOmoRl5
Static task
static1
Behavioral task
behavioral1
Sample
3050f4e4954811a6c0b01a429706a4f7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3050f4e4954811a6c0b01a429706a4f7_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
3050f4e4954811a6c0b01a429706a4f7_JaffaCakes118
-
Score
10/10
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-