General

Target: 41de5265d4fcee93211b5e59337288f9_JaffaCakes118
Size: 778KB
Sample: 240713-qrgzfsserk
MD5: 41de5265d4fcee93211b5e59337288f9
SHA1: 2fd864b167ec512b99a27dbabade708beac2c58a
SHA256: df76b8c954d1e3eb3845bc39321c78ef16b19940a6231c4f8a215facd8a95dc2
SHA512: 17c6f7e51ff4a9fe13cc6bf42ce96e336ee70741794a74ae537f1e2e9768b6410cf8960dfec62fced911c29bba62f1d12506f81a36be129b7b50df97f3e77a57
SSDEEP: 24576:/CbYQjoBr3Ja6r5JOxDiftrUKKKKKOKKKKKOKKKKKOKKKKKOKKKKKOKKKKKOKKKi:EoBcc5D1IKKKKKOKKKKKOKKKKKOKKKKX
Static task: static1

Behavioral task: behavioral1
Sample: 41de5265d4fcee93211b5e59337288f9_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 41de5265d4fcee93211b5e59337288f9_JaffaCakes118.exe
Resource: win10v2004-20240704-en
Malware Config

Extracted family: snakekeylogger
Extracted exfiltration URL: https://api.telegram.org/bot1661665424:AAEiBiIUQaRW3fQnfdJqLcP54hhWV9JkRpw/sendMessage?chat_id=1644987559
Targets

Target: 41de5265d4fcee93211b5e59337288f9_JaffaCakes118
Size: 778KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed in the General section above
Score: 10/10

Signatures:
- Beds Protector Packer: detects the Beds Protector packer used to load .NET malware.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext