General
-
Target
9693b8764880fc6795d5077e0fb73206_JaffaCakes118
-
Size
315KB
-
Sample
240604-27k7lafe56
-
MD5
9693b8764880fc6795d5077e0fb73206
-
SHA1
0cd2059ac8bc35c8c5a22b779c1015623c85e753
-
SHA256
b7f7f59aa9c67b87c59788e0c39fd0c545717403f92123f8d5ab94a3b0573389
-
SHA512
ab7f75b3587dc52962057d86988acaddb3e25ad7ecf9af26460039c796f96764f877cc5d80b1b780f8828e67bc5dd94f40b952c5e9e20d013a9e53b44b609a7b
-
SSDEEP
6144:7dnp5L7p3mHbIwBQuvmELl+2kV+iWqVNhPkNLPca9iyT1/fc8:7p7nwHPVmqDC+zqD5qjccq8
Static task
static1
Behavioral task
behavioral1
Sample
9693b8764880fc6795d5077e0fb73206_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9693b8764880fc6795d5077e0fb73206_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
fickerstealer
gzgbnserv639.xyz:80
Targets
-
-
Target
9693b8764880fc6795d5077e0fb73206_JaffaCakes118
-
Size
315KB
-
MD5
9693b8764880fc6795d5077e0fb73206
-
SHA1
0cd2059ac8bc35c8c5a22b779c1015623c85e753
-
SHA256
b7f7f59aa9c67b87c59788e0c39fd0c545717403f92123f8d5ab94a3b0573389
-
SHA512
ab7f75b3587dc52962057d86988acaddb3e25ad7ecf9af26460039c796f96764f877cc5d80b1b780f8828e67bc5dd94f40b952c5e9e20d013a9e53b44b609a7b
-
SSDEEP
6144:7dnp5L7p3mHbIwBQuvmELl+2kV+iWqVNhPkNLPca9iyT1/fc8:7p7nwHPVmqDC+zqD5qjccq8
Score10/10-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-