General
-
Target
e86b888ecea9692c31348554c521383d_JaffaCakes118
-
Size
557KB
-
Sample
240408-zyyefsbh77
-
MD5
e86b888ecea9692c31348554c521383d
-
SHA1
59b2cbeb270908c441fd42d65664a820c71f2a70
-
SHA256
962a4193daff6b2f63d74054afef07f91d0c187f5191cb7d13eb1cce3af4e31f
-
SHA512
e6f2dda5fd62024faf1dd18fe31efc1d4cd71bf607adeac38d7dd11742fda0b40ce5621548390bad408b4c632a3745fa964372e10001b5522270d9af11e678c4
-
SSDEEP
12288:cTY6maNikdruhUIfVjKzC/9zGW4kmYqCViIatmg5nCZ+qzA8n9EwoO:B2ikpIfhKu8cqCViI08W89u
Static task
static1
Behavioral task
behavioral1
Sample
e86b888ecea9692c31348554c521383d_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
cryptbot
hairdx22.top
morqoi02.top
-
payload_url
http://zelpdo03.top/download.php?file=lv.exe
Targets
-
-
Target
e86b888ecea9692c31348554c521383d_JaffaCakes118
-
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-