General
-
Target
cfdab97a39bca1372a69212c37d97113_JaffaCakes118
-
Size
364KB
-
Sample
241207-a4hthsspaj
-
MD5
cfdab97a39bca1372a69212c37d97113
-
SHA1
c03ad7e8a7f967feddbcee3cf6824f3bb751d479
-
SHA256
f6f035624c49ffcc9f49643de0da166a4281c6003605c2e1cb1d9cca94d7acf3
-
SHA512
33df9555105f9d5693064303b8e89a8541f313ff78161db84db95eab544fc3eccfa13208743b388a525574b894f454558cf28b145943af3b98c0f224de4f3d3b
-
SSDEEP
6144:JYb//1PxwEdIKCC0ef//uXltKc+LVsz9b8R4jvLXouVS7zCSyWqR:7EdFeCXuLKcCVsz6SDLXozzxy
Behavioral task
behavioral1
Sample
cfdab97a39bca1372a69212c37d97113_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cfdab97a39bca1372a69212c37d97113_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Score
9/10
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-