General
-
Target
JaffaCakes118_39a973d7341e94d962f89bf898ecb582d9798c7c8aad415551777aacbd18a90d
-
Size
749.8MB
-
Sample
241225-a23e5sslbv
-
MD5
2b09d7bb9cf9886f81f103558dbefa43
-
SHA1
8c70736bdb52305d3e295ff54547b3387778166e
-
SHA256
39a973d7341e94d962f89bf898ecb582d9798c7c8aad415551777aacbd18a90d
-
SHA512
98b721dc222f4ac91ea63921b7c265fe67c0f7d96693a426d8fa7ce2ee0e2ff2237bae7bfac679e5735c031d45019caf450555816ac1ea948c0d668d667900b4
-
SSDEEP
49152:kBuZrEUPwGjLiIX1LJLJZ2iZ3vxm3c7ld:6kLPwwLTXjXvm3ch
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_39a973d7341e94d962f89bf898ecb582d9798c7c8aad415551777aacbd18a90d.exe
Resource
win7-20241010-en
Malware Config
Extracted
stealc
default
http://185.161.248.78
-
url_path
/eba140b7c5f2f228.php
Targets
-
-
Target
JaffaCakes118_39a973d7341e94d962f89bf898ecb582d9798c7c8aad415551777aacbd18a90d
-
Size
749.8MB
-
MD5
2b09d7bb9cf9886f81f103558dbefa43
-
SHA1
8c70736bdb52305d3e295ff54547b3387778166e
-
SHA256
39a973d7341e94d962f89bf898ecb582d9798c7c8aad415551777aacbd18a90d
-
SHA512
98b721dc222f4ac91ea63921b7c265fe67c0f7d96693a426d8fa7ce2ee0e2ff2237bae7bfac679e5735c031d45019caf450555816ac1ea948c0d668d667900b4
-
SSDEEP
49152:kBuZrEUPwGjLiIX1LJLJZ2iZ3vxm3c7ld:6kLPwwLTXjXvm3ch
-
Detects Stealc stealer
-
Stealc family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-