General
-
Target
f2ddbf593dd711b6325e35ab250d82e9_JaffaCakes118
-
Size
176KB
-
Sample
240416-gyzy6sbb23
-
MD5
f2ddbf593dd711b6325e35ab250d82e9
-
SHA1
61b2134621ebe8f5f7f2daee79ea2916912f4207
-
SHA256
ca8ab0f7d40622ad0de7262c2e025ceca1c60a865e490259a7763de2deeb4192
-
SHA512
eadc3510ac26b1b5105ecdd134533e1a50bcb0d9dcfa51156deaa7e00de955e361ccb0831c2392eda1a94b9b2500ece114839c32930820ca2d89c25b67173122
-
SSDEEP
3072:qe/A6H1aVyPOrX8aLdQkOXhQoJprLInHeLpHPIEZ2ofSsMo8m0ghHxdR:LQVyas0dytJprLkHWtI/4Hl
Malware Config
Targets
-
-
Target
f2ddbf593dd711b6325e35ab250d82e9_JaffaCakes118
-
Size
176KB
-
MD5
f2ddbf593dd711b6325e35ab250d82e9
-
SHA1
61b2134621ebe8f5f7f2daee79ea2916912f4207
-
SHA256
ca8ab0f7d40622ad0de7262c2e025ceca1c60a865e490259a7763de2deeb4192
-
SHA512
eadc3510ac26b1b5105ecdd134533e1a50bcb0d9dcfa51156deaa7e00de955e361ccb0831c2392eda1a94b9b2500ece114839c32930820ca2d89c25b67173122
-
SSDEEP
3072:qe/A6H1aVyPOrX8aLdQkOXhQoJprLInHeLpHPIEZ2ofSsMo8m0ghHxdR:LQVyas0dytJprLkHWtI/4Hl
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-