General
-
Target
bf77575e35353666d14f859329f809ca_JaffaCakes118
-
Size
6.2MB
-
Sample
240404-wzz3wsfc69
-
MD5
bf77575e35353666d14f859329f809ca
-
SHA1
bf6971bd549f142cbbc55af77ac62583c037dcf9
-
SHA256
90d5e4b6604b118f18ec88b7f032454493c0f75616468d217e7a481678d3f8bd
-
SHA512
628268b5b9190dc3c358ce22d61e353b14c2cb3bf80a721072c5b9581a3fef87105b2041d7a3c178143e4fa2f7c5412463b9849ce1ca7932623272b0f3535736
-
SSDEEP
196608:L+gqLKB2pDcLmoduFZ1TS9zC262x7QDEMqQEd:L+jOB2pALm8i+H7+bqr
Malware Config
Targets
-
-
Target
bf77575e35353666d14f859329f809ca_JaffaCakes118
-
Size
6.2MB
-
MD5
bf77575e35353666d14f859329f809ca
-
SHA1
bf6971bd549f142cbbc55af77ac62583c037dcf9
-
SHA256
90d5e4b6604b118f18ec88b7f032454493c0f75616468d217e7a481678d3f8bd
-
SHA512
628268b5b9190dc3c358ce22d61e353b14c2cb3bf80a721072c5b9581a3fef87105b2041d7a3c178143e4fa2f7c5412463b9849ce1ca7932623272b0f3535736
-
SSDEEP
196608:L+gqLKB2pDcLmoduFZ1TS9zC262x7QDEMqQEd:L+jOB2pALm8i+H7+bqr
Score10/10-
Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
-
Babadeda Crypter
-
DarkVNC
DarkVNC is a malicious version of the famous VNC software.
-
DarkVNC payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-