General
Target: b5e2d1b9369223d47b30b95802c80fa4_JaffaCakes118
Size: 4.1MB
Sample: 240617-ac5tzayfrm
MD5: b5e2d1b9369223d47b30b95802c80fa4
SHA1: f4b46296db343e9b47b3bc25cb4e765cabc59800
SHA256: ce3ffa8aafe576656f8b69cbc11b033eb310f3f38d3e573a3d3d99b7665fbe23
SHA512: 85504ca38f1afcbaf3a897f3cb48b73f5923deff7c93f38da0763c29d9dffbb5a700fe43fe1ff93a4022b74b92721b411cad650662a4838e3fe9e43680ef6d79
SSDEEP: 98304:efw2E8Kp2K+HLsOga4bHUvL5QV/teIg9tQe:efTfKcmHUvaV0Ig9b
Behavioral task
behavioral1
Sample: b5e2d1b9369223d47b30b95802c80fa4_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Targets
Detect Fabookie payload
Nirsoft
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.