General
-
Target
1d127ff0d7eba220d2d9d6ae7673a8a1_JaffaCakes118
-
Size
440KB
-
Sample
240702-albbqasdql
-
MD5
1d127ff0d7eba220d2d9d6ae7673a8a1
-
SHA1
74ebf5657b60b2ab5842a97fee272a5e55067fd8
-
SHA256
6149aeba7e6aebcda691b1af035ffb02862acd1802d91862dc003f2b3e5853c6
-
SHA512
d47246703527aa56f874519788e7058824ebdee6672640fd9a657bd36e801b0ce240d0fa33a85a524ea0a41edf3139d005923936096f7de1be12781deaa6efe4
-
SSDEEP
6144:PPIbLXMvTXbXhirS/ogSfRtZHGnewNzgvOJQvJuz3R6FnIxs0lAjol9TrBzQ:PogTfoP8nHFSuzkgTlAjoDB8
Static task
static1
Behavioral task
behavioral1
Sample
1d127ff0d7eba220d2d9d6ae7673a8a1_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
1d127ff0d7eba220d2d9d6ae7673a8a1_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
Target
1d127ff0d7eba220d2d9d6ae7673a8a1_JaffaCakes118
-
Score
9/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-