General
-
Target
7f51d03ebd2387b5b1549be249c52328_JaffaCakes118
-
Size
11.0MB
-
Sample
240529-dq5b5sgd21
-
MD5
7f51d03ebd2387b5b1549be249c52328
-
SHA1
87623d4796fda5a739444c2b4e8fdb2ed65396e1
-
SHA256
abedb8a9a237e4cbecf61e12641a600a8b5953d72b061376e96c515b319707df
-
SHA512
358af2cb13a3a9ff72127e163db7baede4346300f01cc9f51b0abdcb6a5348b91966b31d6615b1aa3757f655353e0faac55d3f92751592c9816b12afc552c578
-
SSDEEP
196608:YSkLwS2AJ9onJ5hrZER2M+ENFJzFcguY48RmU/3ZlsPvznbWD5DT8TbM58CGsHtX:YpJ9c5hlER2MRFJzFcguYtN3ZWDKibMz
Behavioral task
behavioral1
Sample
7f51d03ebd2387b5b1549be249c52328_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
7f51d03ebd2387b5b1549be249c52328_JaffaCakes118
-
Size
11.0MB
-
MD5
7f51d03ebd2387b5b1549be249c52328
-
SHA1
87623d4796fda5a739444c2b4e8fdb2ed65396e1
-
SHA256
abedb8a9a237e4cbecf61e12641a600a8b5953d72b061376e96c515b319707df
-
SHA512
358af2cb13a3a9ff72127e163db7baede4346300f01cc9f51b0abdcb6a5348b91966b31d6615b1aa3757f655353e0faac55d3f92751592c9816b12afc552c578
-
SSDEEP
196608:YSkLwS2AJ9onJ5hrZER2M+ENFJzFcguY48RmU/3ZlsPvznbWD5DT8TbM58CGsHtX:YpJ9c5hlER2MRFJzFcguYtN3ZWDKibMz
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-