General

  • Target

    b2b30c113c229e0e2b421388f11051b4_JaffaCakes118

  • Size

    255KB

  • Sample

    240821-jyhe8sxgjb

  • MD5

    b2b30c113c229e0e2b421388f11051b4

  • SHA1

    d35908f433bf6fbee906395455019b3af2416971

  • SHA256

    47807a2009bb7e19a88ee36eafd29f0e73011ff2d136d0ed88d79a3b97f8c152

  • SHA512

    15d96b30f4a94640c65859d7d9728aab175a93e1f5d2d488782312d762a5231e036dff9575f1fecff61cfcffb87f2740d2843a909dcae5a0bbd4b0b6aad60439

  • SSDEEP

    6144:sIQo+g3ENykfjMkLO7u6uYm3wD33DVbN:r532TLWZWS33xb

Score
9/10

Malware Config

Targets

    • Detected NirSoft tools

      Free utilities, often abused by attackers, that can recover stored passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool that extracts saved credentials from various email clients

    • Deletes itself

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
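The last three signatures are behavioural rather than static. As an added example (not part of the sandbox report and not code from the sample), the Python below shows how a triage script could flag two of them in an API-call trace: a write into a suspended child process followed by SetThreadContext, which is the usual process-hollowing pattern behind a "suspicious use of SetThreadContext" hit, and a spawned cmd.exe whose command line deletes the sample's own image ("Deletes itself"). The trace format, the pids, the handles and the path C:\Users\Admin\AppData\Local\Temp\sample.exe are constructed assumptions for the example; a lone SetThreadContext without the preceding suspended create and memory write is deliberately not reported, since debuggers and runtimes use it legitimately.

```python
"""Flag SetThreadContext-based injection and self-deletion in a constructed API trace.
Added example for the report above; not the sample's code and not sandbox output."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess*
# Assumed on-disk path of the analysed sample (constructed for this example)
SELF_PATH = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"

# Constructed trace (made up for this example). One call per line:
#   <pid> <api>(<key>=<value>, ...)   with string values in double quotes
SAMPLE_TRACE = r"""
2100 CreateProcessW(lpApplicationName="C:\Windows\System32\svchost.exe", dwCreationFlags=0x4, dwProcessId=2244, dwThreadId=2248)
2100 NtUnmapViewOfSection(ProcessHandle=0x1a4, BaseAddress=0x400000)
2100 VirtualAllocEx(hProcess=0x1a4, lpAddress=0x400000, dwSize=0x3e000, flProtect=0x40)
2100 WriteProcessMemory(hProcess=0x1a4, lpBaseAddress=0x400000, nSize=0x3e000)
2100 SetThreadContext(hThread=0x1a8, Eax=0x41a3c0)
2100 ResumeThread(hThread=0x1a8)
2100 CreateProcessW(lpCommandLine="cmd.exe /c ping 127.0.0.1 -n 3 > nul & del C:\Users\Admin\AppData\Local\Temp\sample.exe", dwCreationFlags=0x8000000)
3300 CreateProcessW(lpApplicationName="C:\Windows\System32\notepad.exe", dwCreationFlags=0x0, dwProcessId=3344, dwThreadId=3348)
3300 SetThreadContext(hThread=0x2b0, Eax=0x0)
"""

_LINE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)$")
_ARG = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')
# "del [/switches] <path>" up to end of line or the next & / | separator
_DEL = re.compile(r'\bdel\b\s+(?:/\w+\s+)*"?([^"&|]+?)"?\s*(?:$|&|\|)', re.IGNORECASE)


def parse_trace(text):
    """Turn the text trace into a list of (pid, api, {arg: value}) tuples."""
    events = []
    for line in text.strip().splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # tolerate unrelated lines in a real trace
        pid, api, raw_args = int(m.group(1)), m.group(2), m.group(3)
        args = {k: quoted or bare for k, quoted, bare in _ARG.findall(raw_args)}
        events.append((pid, api, args))
    return events


def _creation_flags(args):
    try:
        return int(args.get("dwCreationFlags", "0"), 0)
    except ValueError:
        return 0


def detect_process_hollowing(events):
    """Per-process state machine for the classic hollowing chain:
    CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext.
    The hit fires at SetThreadContext; ResumeThread only completes the chain."""
    state = defaultdict(lambda: {"child": None, "wrote": False})
    hits = []
    for pid, api, args in events:
        s = state[pid]
        if api == "CreateProcessW" and _creation_flags(args) & CREATE_SUSPENDED:
            s["child"], s["wrote"] = args.get("dwProcessId"), False
        elif api == "WriteProcessMemory" and s["child"]:
            s["wrote"] = True
        elif api == "SetThreadContext" and s["child"] and s["wrote"]:
            hits.append({"technique": "process_hollowing", "pid": pid,
                         "target_pid": int(s["child"])})
            state[pid] = {"child": None, "wrote": False}  # reset for a second round
    return hits


def detect_self_delete(events, self_path):
    """Flag a spawned command line that deletes the sample's own image."""
    hits = []
    for pid, api, args in events:
        if api != "CreateProcessW":
            continue
        cmd = args.get("lpCommandLine", "")
        for target in _DEL.findall(cmd):
            if target.strip().lower() == self_path.lower():
                hits.append({"technique": "self_delete", "pid": pid, "command": cmd})
    return hits


def triage(trace_text, self_path=SELF_PATH):
    """Run both detectors over a trace and return the combined findings."""
    events = parse_trace(trace_text)
    return detect_process_hollowing(events) + detect_self_delete(events, self_path)


if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(finding)
```

The benign pid 3300 in the constructed trace shows the false-positive guard: its SetThreadContext is not preceded by a suspended create and a cross-process write, so nothing is reported for it. In a real investigation the path passed as self_path would come from the sandbox's own record of where it dropped the sample.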

MITRE ATT&CK Enterprise v15

Tasks