General
-
Target
fb3979eb83af289613f3b9e1d3d9d321_JaffaCakes118
-
Size
5.9MB
-
Sample
240419-1jhwwsha8w
-
MD5
fb3979eb83af289613f3b9e1d3d9d321
-
SHA1
e37864e9c6999ebffa63a1325ea6b45e7d8d192e
-
SHA256
5a6ffc20b491863e71a8f624114d50d806b1a76f51d1f3d52dc1ade90e403e4e
-
SHA512
9f729954fc827a8dfbe2bdc161bbc4435c77f154479884c0ba97a7f867dd08ad9a989bd8da2d5e83482f048d0f9b5c16beef1d13ec3771fcdc17fa35a33c537c
-
SSDEEP
98304:UGFb27sv/NX3KYYqiONU6hgPnDOM5Wssdv1P3T4pAeQ37bY81IIM39CPoOQxoMvX:7Q72pKYpiXPDhkRRZaIM39GooMaG
Malware Config
Targets
-
-
Target
fb3979eb83af289613f3b9e1d3d9d321_JaffaCakes118
-
Size
5.9MB
-
MD5
fb3979eb83af289613f3b9e1d3d9d321
-
SHA1
e37864e9c6999ebffa63a1325ea6b45e7d8d192e
-
SHA256
5a6ffc20b491863e71a8f624114d50d806b1a76f51d1f3d52dc1ade90e403e4e
-
SHA512
9f729954fc827a8dfbe2bdc161bbc4435c77f154479884c0ba97a7f867dd08ad9a989bd8da2d5e83482f048d0f9b5c16beef1d13ec3771fcdc17fa35a33c537c
-
SSDEEP
98304:UGFb27sv/NX3KYYqiONU6hgPnDOM5Wssdv1P3T4pAeQ37bY81IIM39CPoOQxoMvX:7Q72pKYpiXPDhkRRZaIM39GooMaG
Score7/10-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-