General
-
Target
884bd50b738afa22f4c1835a475109d5_JaffaCakes118
-
Size
372KB
-
Sample
241102-22r3ysxhqg
-
MD5
884bd50b738afa22f4c1835a475109d5
-
SHA1
cf605fce6fb52527a408e6041312543d79a9ccf9
-
SHA256
ea1030d051ca52f28349414c9427280caac09dd6aa8e47a73d377a7905f49a29
-
SHA512
5c594fb3bf6ee8fbbfe12cbb2a69ec5a0c5b37e2ef23fcfbcbb81a9ea702dbd66afbf16f1144186e0703a19bfd6deb0409ceebd435d0ea41f3ba659cf4014ebc
-
SSDEEP
6144:FIokpJLoDgS4UnFT/uHCKrxQluj9zsOqSJV+63LsnMDQDhkhLsAkO16B0uk+0Szm:F+pJLoMbUnFTQCKkLSJT3AMDQDhkhLso
Static task
static1
Behavioral task
behavioral1
Sample
FLASH_~2.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
FLASH_~2.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
FLASH_~3.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
FLASH_~3.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
FLASH_~2.EXE
-
Size
676KB
-
MD5
91aa1cdcda9d5fd08f2266e6be65642c
-
SHA1
aaa306441b78c9e9a59b59933f0b4f3359f30d40
-
SHA256
ed563ed6382b79ff1196153bc7c51be7e64612b69172ac2d4605fdfd3a0f1241
-
SHA512
d26641fa9f81f1d0b1f6e2521dc46c078656a0763e18d5ada38515accefaee75e0333853bd082981b2ca8f3429d12042b264cc7b0ad62b6b28baf456d7a774a0
-
SSDEEP
12288:VjyfHS3Y0L/6LSJL3oMDQXh8XLsJOBukp:NyfHS2SN328Xgyr
Score
9/10
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-
Target
FLASH_~3.EXE
-
Size
456KB
-
MD5
e4c86934e59605703236a2961b3d350f
-
SHA1
ad9bc4d12ec0e4c4a980f80d57e418e58afdda7f
-
SHA256
d2d6f4fea51a4b68506df40f6f1d3b88892460a5e6e3d523aa09a8254332ff6c
-
SHA512
37feee4aa8e7cb5577949455758c3a4ae55bfb9f511448135067b99861af176bd8217dd8cb86dae1195d26cb59b136028ba6221960279cda4d2e49941f9dd054
-
SSDEEP
3072:v3u33F4wcra4aUHqy50tS6XW2az/WsVJNmfrXl9b0S571WF3dCYGVwSLcimlajb:Lw2ajyiWz7KXsS55VrLcimlaf
Score
5/10
-
Suspicious use of SetThreadContext
-