General
-
Target
179b219afa2ac15b14affd399273148b_JaffaCakes118
-
Size
700KB
-
Sample
241006-lwzmvasbmb
-
MD5
179b219afa2ac15b14affd399273148b
-
SHA1
00c21b3b3400b2296d773966630f5a2a9f325652
-
SHA256
590397ffebbc978f25e3d0c1faefcd710a6321884f1155f450f148e1fee3062b
-
SHA512
1ae8c495c1394b6e79887f481699f6b00f9f9209df5beb5732f12bb6adbbc702ade681db5a980d11818621ad5bfaebb16ace58141dd9e4470766fa60cfe8d560
-
SSDEEP
12288:qFDv2ytr/45N0jZ3D3seqRxQaB7tOHoUvBK:qFyyBQiB3zq3Qu7tOBw
Static task
static1
Behavioral task
behavioral1
Sample
179b219afa2ac15b14affd399273148b_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
179b219afa2ac15b14affd399273148b_JaffaCakes118
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-