General
-
Target
deb1e328feb39c49c0a39cd37d4f7792_JaffaCakes118
-
Size
164KB
-
Sample
240913-xhsg6asdql
-
MD5
deb1e328feb39c49c0a39cd37d4f7792
-
SHA1
8e05cfa7ad3e238fd5350129793af88db3bcb775
-
SHA256
790143973633f4d4495230b2d855f5a146123a690e65efc7f3a791295346bc59
-
SHA512
684ec6fe1629bcdb49b46d42d284f3b03973b9eba6a87d7a5b3ed4a90ed837e7c6ad42ee08095e8f07c66f32c9f09fe46b18b243a91f0f8eac808a680bc0d756
-
SSDEEP
3072:2SjhqkvgAe7swGXFmXvU7Y98MSGRw1md5ohPQ1DHzQkQqQFwBXHNG+:FHgjaE9fSGR968U
Static task
static1
Behavioral task
behavioral1
Sample
deb1e328feb39c49c0a39cd37d4f7792_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
deb1e328feb39c49c0a39cd37d4f7792_JaffaCakes118.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
hancitor
0902_ntcwe4
http://sibetaver.com/8/forum.php
http://ceirsitsin.ru/8/forum.php
http://formawas.ru/8/forum.php
Targets
-
-
Target
deb1e328feb39c49c0a39cd37d4f7792_JaffaCakes118
-
Size
164KB
-
MD5
deb1e328feb39c49c0a39cd37d4f7792
-
SHA1
8e05cfa7ad3e238fd5350129793af88db3bcb775
-
SHA256
790143973633f4d4495230b2d855f5a146123a690e65efc7f3a791295346bc59
-
SHA512
684ec6fe1629bcdb49b46d42d284f3b03973b9eba6a87d7a5b3ed4a90ed837e7c6ad42ee08095e8f07c66f32c9f09fe46b18b243a91f0f8eac808a680bc0d756
-
SSDEEP
3072:2SjhqkvgAe7swGXFmXvU7Y98MSGRw1md5ohPQ1DHzQkQqQFwBXHNG+:FHgjaE9fSGR968U
Score10/10-
Blocklisted process makes network request
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-