General

- Target: 84c300482eb9f553b70f828b382a8c11_JaffaCakes118
- Size: 7.0MB
- Sample: 241102-dfswcszlhl
- MD5: 84c300482eb9f553b70f828b382a8c11
- SHA1: a811ddf079f520f450cb9c6d18b03acdbc01087e
- SHA256: 02c5443aa1c91d0ef0a98ac6fb430f9c8b506a8fcf4f267cb7ef14599965c8f7
- SHA512: e8d811a71a42fdf0bc4bf7075dc36eba1c5ccbf585c6291b1eb9e6a1a8e837959cf397975492e90d58ce3bc36760dec7a1ca27efdbe41178d29b33d0ea821762
- SSDEEP: 196608:Ie9FwNiOTh3MZTTrULbXV2xs5H1sAyy9cdz0rwzhUKHPD8:hUiO2lUfVAwVsveKVzhUKv
Static task: static1

Behavioral task: behavioral1
- Sample: 84c300482eb9f553b70f828b382a8c11_JaffaCakes118.exe
- Resource: win7-20241010-en

Behavioral task: behavioral2
- Sample: 84c300482eb9f553b70f828b382a8c11_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
Malware Config

Extracted
- Protocol: ftp
- Host: ftp.drivehq.com
- Port: 21
- Username: voluminousk
Targets

- Target: 84c300482eb9f553b70f828b382a8c11_JaffaCakes118
- Size: 7.0MB
Score: 10/10

- Detected Nirsoft tools: free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView: password recovery tool for various email clients
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)

Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (1): Credentials In Files (1)