General
-
Target
6996039041baf7cca2c7a40e3b28cc41_JaffaCakes118
-
Size
556KB
-
Sample
240523-dzwrcscd37
-
MD5
6996039041baf7cca2c7a40e3b28cc41
-
SHA1
23addc834e06162ce829c72e39f4ba010e827b66
-
SHA256
ea061b967396a6a32249a92d4175e4d4b0afd95474629c2fbc94e9efaca92387
-
SHA512
49f853dcc3be2b0bbebe6fb3c66be9372b91b96164eb00960a8a0c0420f7b90060d79551640156e499a02263f3bc6b62eb74a254e6efc76dde36281635d8eeae
-
SSDEEP
12288:DBaxwL7Yke3dHZmXJfMkz2zAJu+fpdHOyrSrvWVX3/g:Faa3reN5mXPKzAo0pkyrSrvWV4
Behavioral task
behavioral1
Sample
6996039041baf7cca2c7a40e3b28cc41_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
vidar
6.9
237
http://allcashbacks.ac.ug/
-
profile_id
237
Targets
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-