General
Target: f9e938e4cef7df9c20c9f831eedd1726_JaffaCakes118
Size: 233KB
Sample: 240419-kd4cmsdg6s
MD5: f9e938e4cef7df9c20c9f831eedd1726
SHA1: 2ebc6f4c252a643b2f96906d9388fc96ff596352
SHA256: eb190bd517c5cf3cc43a52bdcf2c747dba4d114f2c291bc76ccc77a786caa85b
SHA512: e4e27ca6366ab1028f43eb6da387842e40536a1ff38cf92e70979d2eae52368fe8f1736876d1fdf0e5ac332bac5e35a627c57876426af8033c402e8c8d4e001a
SSDEEP: 6144:rmCd3OSjS+ajrF0pFoxQfuscLyQorlOu3uFJ:NROxjupvftcu7lzeFJ
Static task: static1
Behavioral task: behavioral1
  Sample: PLAY_M~1.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: PLAY_M~1.exe
  Resource: win10v2004-20240412-en
Behavioral task: behavioral3
  Sample: PLAY_M~2.exe
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: PLAY_M~2.exe
  Resource: win10v2004-20240412-en
Malware Config
Targets

Target: PLAY_M~1.EXE
Size: 108KB
MD5: 98094ee7c276311c0e42343eb0490c2a
SHA1: b7eda9913827d1a79904aeca8409004545a06cff
SHA256: 6c08e8d6becf780b048cd4875ce7a97c91454d9f47c294a71c51dd820cd6c8ae
SHA512: 30344279100a9957a1561cbe6d203a52cc0c463e191cb7ac9ad48ce210280d75c92a5d9a37be3fdbc45c44cc76c82410a869855e90e069f9befefc6c00afb002
SSDEEP: 3072:dGi5y/OdKDgNZldeJ+c2k3GHDP2t5+aVeFIb:v5y/OdCqZP4BGjS+av
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself

Target: PLAY_M~2.EXE
Size: 158KB
MD5: 236c9737940082a1d8117ed3af345800
SHA1: b23c213cc80bc72f8049ff969a5b077a506acb43
SHA256: 66305ad462848ea10ae813baa57efae22aef8ac41513b6937717875375c9b0e1
SHA512: 1357292e2929e56113f373735d32ee789762c8d197eaf4fbabbd745564b7569b010bca44bc736f57710fb94984391f4ac6bd816c0102211b3960373c15900d8d
SSDEEP: 3072:3v+fjieg9/iQhMPSO+4oV2ugfhdpyYeHXf07sjXgK9ce2:/3egpzhMPSh4hPpteHpjwK9c
Score: 6/10
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.