General
-
Target
4a0fcda50ccb462074bb348ddaa031d2_JaffaCakes118
-
Size
959KB
-
Sample
240516-jmg1bsaf8v
-
MD5
4a0fcda50ccb462074bb348ddaa031d2
-
SHA1
3bc64f01699074912862f42d6b1d8d44524790a6
-
SHA256
fb7257b29decf0a2438a8236599ce1f4210fe1325f390b89a5b59158ff0d3c2f
-
SHA512
6b25665582405abd38c18b38501bc5e7e42a8fc91b5a5af327a9a375c407c11fb258d03451129e572419b545f6e2eed6d439dc5dd293cdb9a9820b3f33edb227
-
SSDEEP
24576:wQCRRRRRRRRRRRRRRRRRRRRt6perrOUj6k7ZqC30xggliabfCqBpp2dzMhK:wQCRRRRRRRRRRRRRRRRRRRRtWk7Zx0gI
Malware Config
Targets
-
-
Target
4a0fcda50ccb462074bb348ddaa031d2_JaffaCakes118
-
Size
959KB
-
MD5
4a0fcda50ccb462074bb348ddaa031d2
-
SHA1
3bc64f01699074912862f42d6b1d8d44524790a6
-
SHA256
fb7257b29decf0a2438a8236599ce1f4210fe1325f390b89a5b59158ff0d3c2f
-
SHA512
6b25665582405abd38c18b38501bc5e7e42a8fc91b5a5af327a9a375c407c11fb258d03451129e572419b545f6e2eed6d439dc5dd293cdb9a9820b3f33edb227
-
SSDEEP
24576:wQCRRRRRRRRRRRRRRRRRRRRt6perrOUj6k7ZqC30xggliabfCqBpp2dzMhK:wQCRRRRRRRRRRRRRRRRRRRRtWk7Zx0gI
Score9/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-