General
-
Target
JaffaCakes118_2a0605fe6ee89eb3b394d0181b5d409bcbf08f9642082d196b51c7a0fc3bf6c8
-
Size
282KB
-
Sample
241222-l8zhlstpes
-
MD5
ae6b234a8759fb218e24102837520f4c
-
SHA1
bf3935fd05b5034e7af1c355e1bb74124e55e0cf
-
SHA256
2a0605fe6ee89eb3b394d0181b5d409bcbf08f9642082d196b51c7a0fc3bf6c8
-
SHA512
1f388e718b148a66bb19f452fafcd6de3ff90073dd7695930fb0f608062351d3c6b79a26c791f0c9f087a106607f590a8af26991a0a2aa046252cffaabba6ea2
-
SSDEEP
6144:lbW4q/Q6by7mtt/SrIiyCz95BQ/L64vG20/CAU2XuEGUnfag:Vxq/Q6bfdWIiykS/mPCAU2+EGUnfH
Static task
static1
Behavioral task
behavioral1
Sample
fdf.exe
Resource
win7-20240903-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.mail.com - Port:
587 - Username:
[email protected] - Password:
FDGDFG34T43TT345T345TT3
Targets
-
-
Target
fdf.bin
-
Size
506KB
-
MD5
f36535a73f8c6869ded283234f2a923f
-
SHA1
9444e7fe027d743af732a27be3a4ae9dc0de1ced
-
SHA256
23127973f0d6b1322ccf49e092cb5ff53e4859fb31ee6b09b6f9c8b5d3e19073
-
SHA512
66e4af59d35a9f33cfe598c3664eb2e7d7f80ed54b6bc49ad97b3baec15accb78e4f926b6d6f921ece628381e85879a6ca435cbee6c74f60e3f4ba4235417fda
-
SSDEEP
6144:WysbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9/II:rsQtqB5urTIoYWBQk1E+VF9mOx9t
-
Hawkeye family
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-