General
-
Target
f55837c70c1d870facd7cf263c0c4258_JaffaCakes118
-
Size
138KB
-
Sample
240925-gp6qcssapc
-
MD5
f55837c70c1d870facd7cf263c0c4258
-
SHA1
ea9ed68d74a344b2f5acb52bdb2a785ff13fbd2c
-
SHA256
a694c9081cf430f5902b818c0de821a3116cd315c0a5272bd8297655f6087f46
-
SHA512
789bc3347986d20ce3744706d40ac656304466b889c9564c25ef4fbdf67aaf80c743bdd2e7540f3b35f44ebe447995797bfa5603f4ebe768ac20084a69227222
-
SSDEEP
1536:Sd8MIMZT8M4FWSclUFRzFO9phaLRgOzl3OZdmzZZ/NFS46Glvs5W1swQ0:SybMF8h0qFbg8WOzZkqZZFFS4d31sR
Static task
static1
Behavioral task
behavioral1
Sample
f55837c70c1d870facd7cf263c0c4258_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f55837c70c1d870facd7cf263c0c4258_JaffaCakes118.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
hancitor
1812_78213
http://unceliet.com/4/forum.php
http://fitiondice.ru/4/forum.php
http://wordlegromin.ru/4/forum.php
Targets
-
-
Target
f55837c70c1d870facd7cf263c0c4258_JaffaCakes118
-
Size
138KB
-
MD5
f55837c70c1d870facd7cf263c0c4258
-
SHA1
ea9ed68d74a344b2f5acb52bdb2a785ff13fbd2c
-
SHA256
a694c9081cf430f5902b818c0de821a3116cd315c0a5272bd8297655f6087f46
-
SHA512
789bc3347986d20ce3744706d40ac656304466b889c9564c25ef4fbdf67aaf80c743bdd2e7540f3b35f44ebe447995797bfa5603f4ebe768ac20084a69227222
-
SSDEEP
1536:Sd8MIMZT8M4FWSclUFRzFO9phaLRgOzl3OZdmzZZ/NFS46Glvs5W1swQ0:SybMF8h0qFbg8WOzZkqZZFFS4d31sR
Score10/10-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-