General
-
Target
fa80221926a93c725340240563628064_JaffaCakes118
-
Size
256KB
-
Sample
240419-rsqtesfe51
-
MD5
fa80221926a93c725340240563628064
-
SHA1
7f75a724601a8e50d884c252456124887aa674ce
-
SHA256
4b9043984afd099dab4db6c93de9853afe789ea0afa65c615b05cf1b54d106a0
-
SHA512
4ad4dbfb479e52e62621849bcf22c91a1998778fb5de931df3750400f530fd265e1ea54d76f31dff080cef902d00fafcd7a4491ce8e61d948651928df63394db
-
SSDEEP
3072:Cc4n5aZXwSnGLxvYXsp5E5Xkmd9O2ek5d/QhDAIHkcEFkm8296o+JYfrHaOZQImq:C1n58XgQEmd9RIhDvefAwDhrmq
Static task
static1
Behavioral task
behavioral1
Sample
fa80221926a93c725340240563628064_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
fa80221926a93c725340240563628064_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
fa80221926a93c725340240563628064_JaffaCakes118
-
Size
256KB
-
MD5
fa80221926a93c725340240563628064
-
SHA1
7f75a724601a8e50d884c252456124887aa674ce
-
SHA256
4b9043984afd099dab4db6c93de9853afe789ea0afa65c615b05cf1b54d106a0
-
SHA512
4ad4dbfb479e52e62621849bcf22c91a1998778fb5de931df3750400f530fd265e1ea54d76f31dff080cef902d00fafcd7a4491ce8e61d948651928df63394db
-
SSDEEP
3072:Cc4n5aZXwSnGLxvYXsp5E5Xkmd9O2ek5d/QhDAIHkcEFkm8296o+JYfrHaOZQImq:C1n58XgQEmd9RIhDvefAwDhrmq
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-