General
-
Target
f9b8d50db4d2cfcd06b0b5050d3593a9_JaffaCakes118
-
Size
860KB
-
Sample
240419-he9vpsca81
-
MD5
f9b8d50db4d2cfcd06b0b5050d3593a9
-
SHA1
c948f98aec89d6237c969e87c4f8dc609e1147b6
-
SHA256
c6e50f8a53feb6b09d74327618c7c4df885b72f4e967cb8eac905a2627307dc5
-
SHA512
1c5331d685e55d50962f7bf86d6b85d8dbb3e5ad1ae74e4a028f199a84c45c21d1fb1f51c88c11e6a9a7203cc1818428df77b1a64aa1b416601e3de5cfc348d4
-
SSDEEP
24576:RpclO4O7rm2rwvsCabUuYCvly8OqgCNy+1:Bq2jCw5YC9y8OxCNyU
Static task
static1
Behavioral task
behavioral1
Sample
f9b8d50db4d2cfcd06b0b5050d3593a9_JaffaCakes118.exe
Resource
win7-20231129-en
Malware Config
Targets
-
-
Target
f9b8d50db4d2cfcd06b0b5050d3593a9_JaffaCakes118
-
Size
860KB
-
MD5
f9b8d50db4d2cfcd06b0b5050d3593a9
-
SHA1
c948f98aec89d6237c969e87c4f8dc609e1147b6
-
SHA256
c6e50f8a53feb6b09d74327618c7c4df885b72f4e967cb8eac905a2627307dc5
-
SHA512
1c5331d685e55d50962f7bf86d6b85d8dbb3e5ad1ae74e4a028f199a84c45c21d1fb1f51c88c11e6a9a7203cc1818428df77b1a64aa1b416601e3de5cfc348d4
-
SSDEEP
24576:RpclO4O7rm2rwvsCabUuYCvly8OqgCNy+1:Bq2jCw5YC9y8OxCNyU
Score7/10-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-