General
-
Target
fa872efd153e01ad19409510c78d4c0f_JaffaCakes118
-
Size
1.2MB
-
Sample
240419-r4xfcafh3y
-
MD5
fa872efd153e01ad19409510c78d4c0f
-
SHA1
7b03c181638141869c675164c36027fab726b4dd
-
SHA256
8c45b32a2e27c67aa39f49db3d538482ea46e054142ce5bb179a4e887682ebfd
-
SHA512
5112964e1f63d35327fbb5b1831e939096fc2a4767fc7cd6a77b7595458e151de1f22d48bc96ec89c09010eee52a193d585295417d3341d964d5507946b53234
-
SSDEEP
24576:YHDJrgQpHZtHKx3jYl51jkm1SoXjBYr6+1wXE6cL6GJNV:YHDJrgOXKx3jYdl1SozBOC3cLX5
Static task
static1
Behavioral task
behavioral1
Sample
大华录相恢复工具1[1].3(试用版).exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
大华录相恢复工具1[1].3(试用版).exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
新云软件.url
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
新云软件.url
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
大华录相恢复工具1[1].3(试用版).exe
-
Size
1.4MB
-
MD5
a1bd495d9220f35032963bae2f1859d4
-
SHA1
06fafe199d9af85fcaa18c5a003585515bf4e1e3
-
SHA256
0e9b0fffda19bdc762a0fce53f18649e5b5c96d60fdcfd5dbbbae57576afe73d
-
SHA512
34ffa0a5033890310d177047c55bb55ba00e35b9d2181449b239d3c7013e9635a23d066f118f761618425f755e34d8660f88acea572b8377491f3bb738b64778
-
SSDEEP
24576:C55FPb967PUUCCd3r1z2mPikcfbOdNgs3EE1D1cG5DJIQwGCtxn8GbemUsp:CzFD909Xd3Bzn2Ug6f1D1x5DJlYnmmXp
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
新云软件.url
-
Size
133B
-
MD5
4f0017b3b346bd0626f0c3b915e6e734
-
SHA1
823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
-
SHA256
df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
-
SHA512
0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score1/10 -