General
Target: 45e19643060ed35c221ba014416a38d3_JaffaCakes118
Size: 4.2MB
Sample: 240729-pdcbdasbnf
MD5: 45e19643060ed35c221ba014416a38d3
SHA1: bb0a33458a714d36f8bcce3d777b8d28978ea9ff
SHA256: 323a3c53d2e325fb589a702bea7b8c2f3a5e8c1cc4602b3c0cf1ed00cb9b730a
SHA512: 9c1feb753f516a6e49ba89eb3f736ef15373856b3b9196df5cf3726675cea1e88b77fbcb45eb71cfb5033ee957dae99deb44708d448dcee9310bb187f83e0423
SSDEEP: 98304:HZhiav3/r1ifv9HttDqEa1PNq66RaTbrOg:HL3/r1Ut0EuNjE
Behavioral task: behavioral1
Sample: 45e19643060ed35c221ba014416a38d3_JaffaCakes118.exe
Resource: win7-20240705-en
Malware Config
Targets
Target: 45e19643060ed35c221ba014416a38d3_JaffaCakes118
- Detect Fabookie payload
- Detected Nirsoft tools: Free utilities often used by attackers which can steal passwords, product keys, etc.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.