General
-
Target
ad31ffd4615e898c83eaa1bda25ece3b_JaffaCakes118
-
Size
706KB
-
Sample
240820-aq4ttsxhkj
-
MD5
ad31ffd4615e898c83eaa1bda25ece3b
-
SHA1
996805b70e685b1f00738bbe1d5bc4b7393a5ff9
-
SHA256
10d8e6e484170df49aee7c47d7c0b74b0c5626e91d0c61ae90defb9c91f28d28
-
SHA512
1b945ef9e98d94b6ecb35ded532804d5c3ea2b87b91a24279337ec4a27aa35fbd78e6ed8edbdfbde901d8f37b38fb73867a0a44d7e3f412a0ec1099b4908b174
-
SSDEEP
12288:9ZQM7vd1aZ3u43ogNiiIBTr30O0FQAkcdlLOGCzf3DHBOQJyWoCGNOqK8V:jQil83V/irTr30O0ugqG03DH4QJ3INOw
Static task
static1
Behavioral task
behavioral1
Sample
orden de compra.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
orden de compra.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: smtp
Host: mail.maccinox.com
Port: 587
Username: [email protected]
Password: peru2016
Targets
-
Target
orden de compra.exe
-
Size
834KB
-
MD5
82ce2f8364d3dca44267a6b049b4a070
-
SHA1
091df496943099bfe2f03c5a0d53789ed89f094e
-
SHA256
ae6ad2297366fb5194e553992732f0a5740de2c5fe4b7be56fd2e1a52cb915c4
-
SHA512
3ee34812e076f7b835ddc99fd79f5585a7cb6471e632a9ab17dc0d41c701565c75bb0ee96a13cb9e8e9b67a4c3e3dcb29066df0878b8c8de5e403102681cc9e4
-
SSDEEP
12288:Ygs1igEFKsIHLJ+lyMziSR9De65ASncRoLoXTerD7FJTO187Du0lvBbczjQgykMQ:BFKLriziS1NtoqrLTO8DdB+7M2ygp
-
404 Keylogger Main Executable
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
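The extracted configuration and the behavioural signatures above describe a single exfiltration pattern: the sample resolves its external IP through a public lookup service and then mails its collected credentials to mail.maccinox.com over SMTP submission (port 587). The following is an added example of detection logic over Sysmon-style network-connection events; it is not part of the sandbox report or of any vendor tooling. The log lines are constructed for the example, the report does not name the IP lookup service the sample used, so the IP_LOOKUP_HOSTS set is an assumption, and the KNOWN_MAIL_CLIENTS allow-list is likewise an assumption to tune per environment.

```python
"""Added example: flag processes that show the report's exfiltration pattern
in Sysmon-style network events (not code from the sandbox report)."""
from collections import defaultdict
from dataclasses import dataclass

# Indicators taken directly from the extracted config above.
EXFIL_SMTP_HOST = "mail.maccinox.com"
EXFIL_SMTP_PORT = 587

# Public "what is my IP" services. The report does not say which service the
# sample contacted, so this set is an assumption for illustration only.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}

# Processes expected to speak SMTP submission legitimately (assumed allow-list).
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample events in a key=value|key=value shape modelled on Sysmon
# Event ID 3 fields. Not real telemetry from the sandbox run.
SAMPLE_LOG = """\
ts=1724128800|pid=4120|Image=C:\\Users\\user\\AppData\\Roaming\\orden de compra.exe|DestinationHostname=api.ipify.org|DestinationPort=80
ts=1724128805|pid=4120|Image=C:\\Users\\user\\AppData\\Roaming\\orden de compra.exe|DestinationHostname=mail.maccinox.com|DestinationPort=587
ts=1724128900|pid=2200|Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE|DestinationHostname=smtp.office365.com|DestinationPort=587
ts=1724129000|pid=3300|Image=C:\\Windows\\System32\\svchost.exe|DestinationHostname=icanhazip.com|DestinationPort=443
"""


@dataclass
class NetEvent:
    ts: int          # seconds since epoch
    pid: int
    image: str       # full path of the process image
    dst_host: str
    dst_port: int


def parse_event(line: str) -> NetEvent:
    """Parse one key=value|key=value line into a NetEvent."""
    fields = dict(kv.split("=", 1) for kv in line.split("|"))
    return NetEvent(int(fields["ts"]), int(fields["pid"]), fields["Image"],
                    fields["DestinationHostname"], int(fields["DestinationPort"]))


def detect(events, window=600):
    """Return [(pid, image, reasons)] for processes matching the report.

    Two independent reasons are checked per process:
      1. any SMTP-submission connection to the extracted C2 mailbox host;
      2. an external-IP lookup followed within `window` seconds by SMTP on
         587 from a process that is not a known mail client.
    """
    by_pid = defaultdict(list)
    for e in events:
        by_pid[e.pid].append(e)

    hits = []
    for pid, evs in by_pid.items():
        evs.sort(key=lambda e: e.ts)
        image = evs[0].image
        exe = image.rsplit("\\", 1)[-1].lower()
        reasons = []

        smtp = [e for e in evs if e.dst_port == EXFIL_SMTP_PORT]
        if any(e.dst_host == EXFIL_SMTP_HOST for e in smtp):
            reasons.append(f"SMTP/587 to extracted C2 host {EXFIL_SMTP_HOST}")

        if exe not in KNOWN_MAIL_CLIENTS:
            for lk in (e for e in evs if e.dst_host in IP_LOOKUP_HOSTS):
                if any(lk.ts <= s.ts <= lk.ts + window for s in smtp):
                    reasons.append(f"external-IP lookup via {lk.dst_host} "
                                   f"followed by SMTP/587 within {window}s")
                    break

        if reasons:
            hits.append((pid, image, reasons))
    return hits


def run_sample():
    """Run the detector over the constructed SAMPLE_LOG."""
    events = [parse_event(l) for l in SAMPLE_LOG.splitlines() if l.strip()]
    return detect(events)


if __name__ == "__main__":
    for pid, image, reasons in run_sample():
        print(pid, image)
        for r in reasons:
            print("   ", r)
```

On the constructed sample only the orden de compra.exe process is flagged, and for both reasons; OUTLOOK.EXE talking SMTP to its own provider and svchost.exe doing an IP lookup without a following SMTP connection are left alone. The second rule is the one worth keeping after the C2 host rotates: the lookup-then-submission sequence from a non-mail process is the behaviour, the hostname is only this sample's instance of it.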