General
-
Target
6487a33d914f0ae80009e851ea7fa9b7_JaffaCakes118
-
Size
177KB
-
Sample
240521-yfph6agd34
-
MD5
6487a33d914f0ae80009e851ea7fa9b7
-
SHA1
dcfe67dd379a9dcb2c616587bbb71c98a44e932f
-
SHA256
9c5b8a06419e96e0fd25a4e66b75843f6363cc0d8aaa956a07c60d0b2ba9b4b9
-
SHA512
35f7ab23e094d5eb36b2c092ea8ab1674dd26336b75cff67cedfda12f9d7488a0d303bc1951a2e7651d21ecbc1f8351b50cf77f9e6f0f0ad369dbf2fea41a081
-
SSDEEP
3072:kJxMcrKT7SlP/baNKZrDDwzW57X2Dv1LVZy0KT9ZJF+I7DnMxv:itqjNKBDDbo1/yNzJFI
Static task
static1
Behavioral task
behavioral1
Sample
6487a33d914f0ae80009e851ea7fa9b7_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
6487a33d914f0ae80009e851ea7fa9b7_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
netwire
clients.enigmasolutions.xyz:54579
-
activex_autorun
false
-
copy_executable
true
-
delete_original
false
-
host_id
Client-%Rand%
-
install_path
%AppData%\Microsoft\Crypto\service.exe
-
keylogger_dir
%AppData%\msv\
-
lock_executable
false
-
offline_keylogger
true
-
password
\tx>N(6H`Om2k/cWJBp,""bUbAd1-0Mg
-
registry_autorun
true
-
startup_name
service
-
use_mutex
false
Targets
-
Target
6487a33d914f0ae80009e851ea7fa9b7_JaffaCakes118
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Adds Run key to start application
-