General
-
Target
8d4fc7d9b7f9ae031db6ac350af49861_JaffaCakes118
-
Size
39KB
-
Sample
240602-jbmrfafe98
-
MD5
8d4fc7d9b7f9ae031db6ac350af49861
-
SHA1
a57c563cc8406ef2ea4a8ad94972f039f053026e
-
SHA256
3637dfa2d64efeaf36903e17bacd8f832dee3e6d12e3414fd55fed4311498796
-
SHA512
900e577c29f2976604805420ffd2fad6848657ba408e61dd8883bee55146ce229728527ebdbad2cf12b30b81232345e03761d02f1f0e2301de4de5154d2f6e87
-
SSDEEP
768:f0tIvRpRaIMLwZ7nPU8dKSPhfVJfQD/yLZlWXKwsl:f0CvDgIvZ7nPXKg3JfqaFlR
Static task
static1
Behavioral task
behavioral1
Sample
8d4fc7d9b7f9ae031db6ac350af49861_JaffaCakes118.ps1
Resource
win7-20240220-en
Malware Config
Extracted
limerat
-
aes_key
pysenuu
-
antivm
false
-
c2_url
https://pastebin.com/raw/smgAS6SG
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/smgAS6SG
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
8d4fc7d9b7f9ae031db6ac350af49861_JaffaCakes118
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-