General
-
Target
a9c6c5c41bb5f46e7666697668cfa272_JaffaCakes118
-
Size
400KB
-
Sample
240614-p48r9svfkk
-
MD5
a9c6c5c41bb5f46e7666697668cfa272
-
SHA1
487546e770849634b28fe665649b4b96f8c75697
-
SHA256
3fc2a2a77b3a9804e102bfa6f6ec489fcc7a06782b8d4d23562351f5b103db87
-
SHA512
372529f8e50522e8abd231f280ac1fc943a89ea7142e5446f71106f87b391a60ef829f6e5f877914e3b355984059dd435074b5b54427294b023aee365f2abea3
-
SSDEEP
12288:MnanePhluiqI22vyJNz6LS/0HslG2rZFIUG8F7F:keShluNZN/cHscw
Static task
static1
Behavioral task
behavioral1
Sample
a9c6c5c41bb5f46e7666697668cfa272_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
a9c6c5c41bb5f46e7666697668cfa272_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-