General
-
Target
56e4cedb683a9d1c2b482de3d06d9c09_JaffaCakes118
-
Size
1.0MB
-
Sample
240518-1ctptagf5s
-
MD5
56e4cedb683a9d1c2b482de3d06d9c09
-
SHA1
124e7d162912def22d98975df2f0186b5b4af207
-
SHA256
88b19a54e96629881f26ac18f867e1452d76ea240d1aaf6dd9a31c49a75e1a4c
-
SHA512
2325ecfc44d3317c949c568d7f755064e074b11573a366cfc15a35ca9ecaf5c22de6ee104f3f41e86ffee0fae2473948a2ac1b993cb89872024307eeabc49a48
-
SSDEEP
24576:bImhov8yv3Xkl4LhiRNJw4RBzjLIHVnVtH:Lov8yv/did37vuNH
Static task
static1
Behavioral task
behavioral1
Sample
56e4cedb683a9d1c2b482de3d06d9c09_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
samsung05@@@
Targets
-
-
Target
56e4cedb683a9d1c2b482de3d06d9c09_JaffaCakes118
-
Size
1.0MB
-
MD5
56e4cedb683a9d1c2b482de3d06d9c09
-
SHA1
124e7d162912def22d98975df2f0186b5b4af207
-
SHA256
88b19a54e96629881f26ac18f867e1452d76ea240d1aaf6dd9a31c49a75e1a4c
-
SHA512
2325ecfc44d3317c949c568d7f755064e074b11573a366cfc15a35ca9ecaf5c22de6ee104f3f41e86ffee0fae2473948a2ac1b993cb89872024307eeabc49a48
-
SSDEEP
24576:bImhov8yv3Xkl4LhiRNJw4RBzjLIHVnVtH:Lov8yv/did37vuNH
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-