General
-
Target
8f5d322127aded9b0c394b720d91d0d3_JaffaCakes118
-
Size
1.6MB
-
Sample
241104-f1zwhsvclf
-
MD5
8f5d322127aded9b0c394b720d91d0d3
-
SHA1
4e8d8e52e745a3de063efc3875a3c6e4d0712afe
-
SHA256
0213a9641d7bc86ff09c1a506f4a9f1470663f941e931f983556fa3fe1db15ea
-
SHA512
fedd9dedfddd068db4df2ecd25c6357d39f7b25c08725604e2c7716b80a5f0af002bbfa9938f10bac18d01936469d08f7445bd2a5155c6a5fd7ac6523c5ac4a9
-
SSDEEP
24576:+dKwjlw0EOy+1vTbqRFLHYrU0VVOqQF6KXNadaIVVEofxg7TYXv7ZUUt4FI:+dH60Ev+ZKFrYw0WDI/7fJXv7ZUdq
Static task
static1
Behavioral task
behavioral1
Sample
8f5d322127aded9b0c394b720d91d0d3_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8f5d322127aded9b0c394b720d91d0d3_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
8f5d322127aded9b0c394b720d91d0d3_JaffaCakes118
-
Size
1.6MB
-
MD5
8f5d322127aded9b0c394b720d91d0d3
-
SHA1
4e8d8e52e745a3de063efc3875a3c6e4d0712afe
-
SHA256
0213a9641d7bc86ff09c1a506f4a9f1470663f941e931f983556fa3fe1db15ea
-
SHA512
fedd9dedfddd068db4df2ecd25c6357d39f7b25c08725604e2c7716b80a5f0af002bbfa9938f10bac18d01936469d08f7445bd2a5155c6a5fd7ac6523c5ac4a9
-
SSDEEP
24576:+dKwjlw0EOy+1vTbqRFLHYrU0VVOqQF6KXNadaIVVEofxg7TYXv7ZUUt4FI:+dH60Ev+ZKFrYw0WDI/7fJXv7ZUdq
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Suspicious use of SetThreadContext
-