General
-
Target
434c68f0c164c2bb341a0e621c6a0268_JaffaCakes118
-
Size
4.1MB
-
Sample
240514-17se8sba9z
-
MD5
434c68f0c164c2bb341a0e621c6a0268
-
SHA1
6576f67d3b6cdb6cd0418614fdee066a142900d1
-
SHA256
aba54f4c7b3a105734f37df065629041c01fd67df5e2fd2c4658676872aa5210
-
SHA512
be8c853fb37d262dfeb53a0af565e666ba4d4eeda7512f76ced07e5fe49b0b98860672a818c7dd8adf00eeb03fd925592e3d4818abf17beb3a8c71ab06c6c62c
-
SSDEEP
98304:IcY3xlYDGv7UfKmTQutOgUDxtryxhfWnxlJGwu3Zk:IcaHW/MDChfcrSk
Malware Config
Targets
-
-
Target
434c68f0c164c2bb341a0e621c6a0268_JaffaCakes118
-
Size
4.1MB
-
MD5
434c68f0c164c2bb341a0e621c6a0268
-
SHA1
6576f67d3b6cdb6cd0418614fdee066a142900d1
-
SHA256
aba54f4c7b3a105734f37df065629041c01fd67df5e2fd2c4658676872aa5210
-
SHA512
be8c853fb37d262dfeb53a0af565e666ba4d4eeda7512f76ced07e5fe49b0b98860672a818c7dd8adf00eeb03fd925592e3d4818abf17beb3a8c71ab06c6c62c
-
SSDEEP
98304:IcY3xlYDGv7UfKmTQutOgUDxtryxhfWnxlJGwu3Zk:IcaHW/MDChfcrSk
Score10/10-
Detect Fabookie payload
-
Fabookie
Fabookie is facebook account info stealer.
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-