General
-
Target
7331eab5ec14421887055a48dfc366eb_JaffaCakes118
-
Size
208KB
-
Sample
240525-zkgvjshh4v
-
MD5
7331eab5ec14421887055a48dfc366eb
-
SHA1
5cb902264bcba6abd173b7e2d1e9056cfc9df450
-
SHA256
5d44a39d75d30a0843b62c24acf87e2d75e300cefdf9ced7ffb2cca02fa4f32c
-
SHA512
c3501854f09c1a644c0f5af8f48dfe952a1fec354140213b97b2ced0a65ecdffddce987c24111298e9cd11f0d71c7406f9d89492c5c40298044d6ddee66e6830
-
SSDEEP
3072:ekX6PzJhK/XazrKZ5FdFeylCSRri8rWb:zqPzJhOXOeZjd90Shi8r
Malware Config
Targets
-
-
Target
7331eab5ec14421887055a48dfc366eb_JaffaCakes118
-
Size
208KB
-
MD5
7331eab5ec14421887055a48dfc366eb
-
SHA1
5cb902264bcba6abd173b7e2d1e9056cfc9df450
-
SHA256
5d44a39d75d30a0843b62c24acf87e2d75e300cefdf9ced7ffb2cca02fa4f32c
-
SHA512
c3501854f09c1a644c0f5af8f48dfe952a1fec354140213b97b2ced0a65ecdffddce987c24111298e9cd11f0d71c7406f9d89492c5c40298044d6ddee66e6830
-
SSDEEP
3072:ekX6PzJhK/XazrKZ5FdFeylCSRri8rWb:zqPzJhOXOeZjd90Shi8r
Score7/10-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-