General
-
Target
d1342307e1427bc8e5d53d91429b5941_JaffaCakes118
-
Size
720KB
-
Sample
240907-gdv5gsxglf
-
MD5
d1342307e1427bc8e5d53d91429b5941
-
SHA1
175468d42f334b6b915544fb36b042fad1c0aa14
-
SHA256
4701fd60ff0ab0a780456b63c3613b8c8c06a7be8a05edd7184997d7cc8833d8
-
SHA512
3b0181a1a189e74a5e3306879d5713d766af117f1677e1bdd37d3289c665a6fa45ca52c0f5b19f1c30f042f8bc4346b0ea9188700d973576de84d4fb0a06bee8
-
SSDEEP
12288:aQafdzxX8Z13ZPL87UMs+GhrFqH6Yn2RPBGVpcIgqkyICuhFMURhZzSWJj:ydzxOr87UMs+GNFg6YnQPB+eN9CgMyZH
Static task
static1
Behavioral task
behavioral1
Sample
d1342307e1427bc8e5d53d91429b5941_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
d1342307e1427bc8e5d53d91429b5941_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
d1342307e1427bc8e5d53d91429b5941_JaffaCakes118
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Suspicious use of SetThreadContext
-