General

Target: dcb8e0640484622cc9be805af0f25dbc_JaffaCakes118
Size: 788KB
Sample: 240912-v6qblawbpb
MD5: dcb8e0640484622cc9be805af0f25dbc
SHA1: 554b36857f71b97390fe7a8801adf8a644664043
SHA256: 08b4b02d8bbd6a761ab43a422865b76cb5a3b55d6a7974ea15bda8c947e818d3
SHA512: b537215949496079aec43bd6b4286a515101a0f452409cb8e6b393a51ab1e11e46b58f430d4f507f84e4ad74f0f223e0bb7a42d47ec896d9b4d7a4107123cb04
SSDEEP: 12288:AYV6MorX7qzuC3QHO9FQVHPF51jgc4S4Wd+UqBvtcHYM6l47MBfxN:fBXu9HGaVHJtd+Jv6YDl47M1
Behavioral task: behavioral1
Sample: dcb8e0640484622cc9be805af0f25dbc_JaffaCakes118.exe
Resource: win7-20240708-en (Windows 7 analysis image; the %AppData% path in the config below resolves against that profile layout)
Malware Config

Extracted family: netwire
C2: havemercy.mooo.com:9002
activex_autorun: false
copy_executable: false
delete_original: false
host_id: IFA MIsss
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: HMdWXXsj
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: true

Notes on the extracted config: the three built-in persistence switches (activex_autorun, registry_autorun, copy_executable) are all off, so NetWire itself is not configured to survive a reboot. use_mutex is on, so the named mutex HMdWXXsj is a host indicator for a running instance. offline_keylogger together with keylogger_dir means keystrokes are written to disk under the user's roaming profile even when no C2 session is up, which makes that directory worth collecting during response. The C2 host is a dynamic-DNS name (mooo.com is a FreeDNS domain), so resolve it at the time of triage and pivot on the resolved IP as well as the name. The password field is the operator-set secret for the C2 channel, here literally "Password".
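The config fields above translate directly into detection content. The following Python is an added example (not part of the sandbox report or of any NetWire tooling) that derives host and network indicators from the extracted config and runs them over a few constructed Sysmon-style events plus a handle listing; the telemetry lines, the victim paths and the 203.0.113.0/24 address are all made up for illustration.

```python
import re

# Fields copied from the extracted NetWire config above. keylogger_dir is the
# report's "%AppData%\Logs\" with Python string escaping for the backslashes.
NETWIRE_CONFIG = {
    "c2": ["havemercy.mooo.com:9002"],
    "use_mutex": True,
    "mutex": "HMdWXXsj",
    "offline_keylogger": True,
    "keylogger_dir": "%AppData%\\Logs\\",
    "registry_autorun": False,
    "copy_executable": False,
}

# %AppData% expands to <profile>\AppData\Roaming on Windows Vista and later.
ENV_EXPANSION = {"%appdata%": "appdata\\roaming"}


def indicators(cfg):
    """Derive host and network indicators from an extracted NetWire config."""
    ioc = {"domains": set(), "ports": set(), "mutexes": set(), "path_fragments": set()}
    for entry in cfg.get("c2", []):
        host, _, port = entry.rpartition(":")
        ioc["domains"].add(host.lower())
        if port.isdigit():
            ioc["ports"].add(int(port))
    if cfg.get("use_mutex") and cfg.get("mutex"):
        ioc["mutexes"].add(cfg["mutex"])
    if cfg.get("offline_keylogger") and cfg.get("keylogger_dir"):
        frag = cfg["keylogger_dir"].lower()
        for var, expansion in ENV_EXPANSION.items():
            frag = frag.replace(var, expansion)
        ioc["path_fragments"].add(frag.strip("\\"))
    return ioc


# Constructed telemetry (hypothetical, not from the report): Sysmon DNS query
# (EID 22), network connection (EID 3), file create (EID 11) and a mutant
# handle from a handle listing, followed by two benign lines for contrast.
SAMPLE_TELEMETRY = [
    "EventID: 22 | Image: C:\\Users\\victim\\AppData\\Local\\Temp\\dcb8e0640484622cc9be805af0f25dbc_JaffaCakes118.exe | QueryName: havemercy.mooo.com | QueryResults: ::ffff:203.0.113.10;",
    "EventID: 3 | DestinationHostname: havemercy.mooo.com | DestinationIp: 203.0.113.10 | DestinationPort: 9002",
    "EventID: 11 | TargetFilename: C:\\Users\\victim\\AppData\\Roaming\\Logs\\12-09-2024 | CreationUtcTime: 2024-09-12 16:01:03",
    "Handle: 0x1a4 | Mutant: \\Sessions\\1\\BaseNamedObjects\\HMdWXXsj",
    "EventID: 22 | QueryName: update.microsoft.com | QueryResults: 20.1.2.3;",
    "EventID: 11 | TargetFilename: C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\report.lnk",
]

FIELD = {
    "dns": re.compile(r"QueryName:\s*(\S+)", re.I),
    "net": re.compile(r"DestinationHostname:\s*(\S+).*?DestinationPort:\s*(\d+)", re.I),
    "file": re.compile(r"TargetFilename:\s*(.+?)(?:\s*\||$)", re.I),
    "mutex": re.compile(r"Mutant:\s*(\S+)", re.I),
}


def scan(lines, ioc):
    """Return (line_no, indicator_type, matched_value) for every line that hits an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = FIELD["dns"].search(line)
        if m and m.group(1).lower().rstrip(".") in ioc["domains"]:
            hits.append((n, "c2_domain", m.group(1)))
        m = FIELD["net"].search(line)
        if m:
            host, port = m.group(1).lower(), int(m.group(2))
            if host in ioc["domains"]:
                hits.append((n, "c2_connection", f"{host}:{port}"))
            elif port in ioc["ports"]:
                # A bare port match is weak evidence; report it at lower confidence.
                hits.append((n, "c2_port_only", f"{host}:{port}"))
        m = FIELD["file"].search(line)
        if m:
            path = m.group(1).lower().replace("/", "\\")
            if any(frag in path for frag in ioc["path_fragments"]):
                hits.append((n, "keylogger_dir", m.group(1)))
        m = FIELD["mutex"].search(line)
        if m and m.group(1).rsplit("\\", 1)[-1] in ioc["mutexes"]:
            hits.append((n, "mutex", m.group(1)))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_TELEMETRY, indicators(NETWIRE_CONFIG)):
        print(hit)
```

The keylogger path is matched as a suffix fragment after expanding %AppData%, so the check works against any user profile and against both slash styles. A port-only match on 9002 is deliberately reported separately from a hostname match, because the port alone will produce false positives.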
Targets

Target: dcb8e0640484622cc9be805af0f25dbc_JaffaCakes118 (788KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

Signatures:

NetWire RAT payload
The extracted configuration above identifies the final payload as NetWire, a commercial remote-access trojan with keylogging, credential theft and remote shell capability.

Drops startup file
A file was written to a Startup folder during the run. Because the extracted NetWire config has registry_autorun, activex_autorun and copy_executable all set to false, this persistence is not produced by NetWire's own config-driven mechanisms; check the file-system events for the dropped file's path and for which process wrote it.

AutoIT Executable
AutoIT scripts compiled to PE executables. Taken together with the NetWire signature, this indicates an AutoIt-compiled loader carrying the NetWire payload. The embedded script can usually be recovered with an AutoIt decompiler (for example Exe2Aut or AutoIt-Ripper) and read directly, which is quicker than stepping through the loader in a debugger.

Suspicious use of SetThreadContext
SetThreadContext on a thread of another process is the step that redirects execution in process hollowing and related injection techniques: the loader creates a process in a suspended state, writes the payload into it, points the thread's instruction pointer at the payload and resumes the thread. The sandbox raises this signature on the call pattern, not on the payload contents, so pair it with the process-creation and memory-write events to identify which host process ended up running NetWire.
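To show why the SetThreadContext signature above is only meaningful in context, here is an added Python example (not part of the sandbox report and not the sandbox's own signature logic) that correlates a constructed API-monitor trace into a process-hollowing alert. It fires only when the same caller creates a suspended child, writes into it, sets the context of that child's thread and resumes it; a lone SetThreadContext, as a debugger would issue, does not trigger it. The trace lines, handle values and process IDs are all invented for illustration.

```python
import re

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Constructed API-monitor trace (hypothetical, not from the report). One
# hollowing sequence from pid 1804 into a suspended svchost.exe, followed by a
# benign SetThreadContext from pid 3300 with no suspended child and no remote write.
TRACE = [
    "pid=1804 api=CreateProcessW image=C:\\Windows\\System32\\svchost.exe flags=0x4 hProcess=0x2c8 hThread=0x2cc",
    "pid=1804 api=NtUnmapViewOfSection hProcess=0x2c8 base=0x400000",
    "pid=1804 api=VirtualAllocEx hProcess=0x2c8 addr=0x400000 size=0xc4000 protect=0x40",
    "pid=1804 api=WriteProcessMemory hProcess=0x2c8 addr=0x400000 size=0xc4000",
    "pid=1804 api=SetThreadContext hThread=0x2cc",
    "pid=1804 api=ResumeThread hThread=0x2cc",
    "pid=3300 api=OpenThread hThread=0x1f0",
    "pid=3300 api=SetThreadContext hThread=0x1f0",
]

KV = re.compile(r"(\w+)=(\S+)")


def detect_hollowing(trace):
    """Flag CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext
    -> ResumeThread chains in which every step refers to the same child process.
    Returns one alert dict per completed chain."""
    by_process = {}   # (caller pid, hProcess) -> child state
    by_thread = {}    # (caller pid, hThread)  -> the same child state
    alerts = []
    for n, line in enumerate(trace, 1):
        f = dict(KV.findall(line))
        pid, api = f.get("pid"), f.get("api")
        if api in ("CreateProcessW", "CreateProcessA") and int(f.get("flags", "0"), 16) & CREATE_SUSPENDED:
            state = {"image": f.get("image"), "written": False, "context_set": False, "start": n}
            by_process[(pid, f.get("hProcess"))] = state
            by_thread[(pid, f.get("hThread"))] = state
        elif api == "WriteProcessMemory":
            state = by_process.get((pid, f.get("hProcess")))
            if state:
                state["written"] = True
        elif api == "SetThreadContext":
            # Only suspicious once the caller has already written into that child.
            state = by_thread.get((pid, f.get("hThread")))
            if state and state["written"]:
                state["context_set"] = True
        elif api == "ResumeThread":
            state = by_thread.get((pid, f.get("hThread")))
            if state and state["context_set"]:
                alerts.append({"pid": pid, "target": state["image"], "lines": (state["start"], n)})
                state["context_set"] = False  # fire once per completed chain
    return alerts


if __name__ == "__main__":
    for alert in detect_hollowing(TRACE):
        print(alert)
```

Keying the state on the caller's handle values rather than on the API name alone is what keeps the benign pid 3300 lines from matching; in real telemetry the same join is done on the target process ID, which most monitors record alongside the handle.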