General
-
Target
36655025d8d1ddf19b9780f2391c7acd_JaffaCakes118
-
Size
479KB
-
Sample
240710-zz95mssepa
-
MD5
36655025d8d1ddf19b9780f2391c7acd
-
SHA1
e97b5500000c4614ba7c46cbc2bb6dd6fc2f1cfb
-
SHA256
6a8767ed4d25c0444d394a35f6e5ceede87c6f08d97682598eefd27d7457071c
-
SHA512
0df345a77bb09abfb0e9af3a7abe15c81dc5f87646115c5aa287c5528a7c919f11a8e68c58b2883e9dce2e0dc40d6bbc3f06f18d4e18b7b0d8d3e074ef6e86c8
-
SSDEEP
12288:79v4xR9UTVoi1U+yOsgqj2lC2I18DfqWdx49z6Bga:72xR9AV3O+7sgzp+8fdxZ
Static task
static1
Behavioral task
behavioral1
Sample
36655025d8d1ddf19b9780f2391c7acd_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
36655025d8d1ddf19b9780f2391c7acd_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
36655025d8d1ddf19b9780f2391c7acd_JaffaCakes118
-
Size
479KB
-
MD5
36655025d8d1ddf19b9780f2391c7acd
-
SHA1
e97b5500000c4614ba7c46cbc2bb6dd6fc2f1cfb
-
SHA256
6a8767ed4d25c0444d394a35f6e5ceede87c6f08d97682598eefd27d7457071c
-
SHA512
0df345a77bb09abfb0e9af3a7abe15c81dc5f87646115c5aa287c5528a7c919f11a8e68c58b2883e9dce2e0dc40d6bbc3f06f18d4e18b7b0d8d3e074ef6e86c8
-
SSDEEP
12288:79v4xR9UTVoi1U+yOsgqj2lC2I18DfqWdx49z6Bga:72xR9AV3O+7sgzp+8fdxZ
Score9/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-