General
-
Target
d658fc04f5eb9b2f7984579d4b8d8322_JaffaCakes118
-
Size
264KB
-
Sample
240405-rtvtrsed7w
-
MD5
d658fc04f5eb9b2f7984579d4b8d8322
-
SHA1
905e42f62ce86570abd70081185c969574fe64ed
-
SHA256
472e40357bbd9c18824abf10157d6482b8d853cdef7267b723e5d887b54e00ee
-
SHA512
3242e71dd101cbbc54e0136922424f4faf64bdcee2e37adde5ec9247bab30b5c5fcc611c26e9a2816ce56adbb44d4b707363ddbf8f7852563aa308690b9c1adb
-
SSDEEP
3072:vm65Lk903DaYlAYwgz88ereWn/7w05g0dMcB3RUN46ILJ9+ZB5yOanhS:vmo3DaYlAJ8er1nzTMriS
Malware Config
Extracted
latam_generic_downloader
https://pqlaksmc.s3.sa-east-1.amazonaws.com/gweek.visio
Targets
-
-
Target
d658fc04f5eb9b2f7984579d4b8d8322_JaffaCakes118
-
Size
264KB
-
MD5
d658fc04f5eb9b2f7984579d4b8d8322
-
SHA1
905e42f62ce86570abd70081185c969574fe64ed
-
SHA256
472e40357bbd9c18824abf10157d6482b8d853cdef7267b723e5d887b54e00ee
-
SHA512
3242e71dd101cbbc54e0136922424f4faf64bdcee2e37adde5ec9247bab30b5c5fcc611c26e9a2816ce56adbb44d4b707363ddbf8f7852563aa308690b9c1adb
-
SSDEEP
3072:vm65Lk903DaYlAYwgz88ereWn/7w05g0dMcB3RUN46ILJ9+ZB5yOanhS:vmo3DaYlAJ8er1nzTMriS
Score6/10-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-