General
-
Target
fddc2021f643a8407186cb08ffe29e03_JaffaCakes118
-
Size
111KB
-
Sample
240420-229b8scc72
-
MD5
fddc2021f643a8407186cb08ffe29e03
-
SHA1
c3bd26cc21cc94e0bc479d5f31bd1ad375b200a5
-
SHA256
55aaacef89443ab7b5d82507eea920a0c407bb5f6a88afd8545dde0e62d8657d
-
SHA512
6cdb65f22384525553a30a9823ee708f06b7f95642bb61e0cbcad442cf053b89868feb88f89e339ea05f057830173777398b76f44f497f90405d541c9d43cac3
-
SSDEEP
3072:ITgUCy969BNsbkSl0j35+XAn3vPpqFZtspA:ITFi0jl0r5+XR/tIA
Malware Config
Targets
-
-
Target
fddc2021f643a8407186cb08ffe29e03_JaffaCakes118
-
Size
111KB
-
MD5
fddc2021f643a8407186cb08ffe29e03
-
SHA1
c3bd26cc21cc94e0bc479d5f31bd1ad375b200a5
-
SHA256
55aaacef89443ab7b5d82507eea920a0c407bb5f6a88afd8545dde0e62d8657d
-
SHA512
6cdb65f22384525553a30a9823ee708f06b7f95642bb61e0cbcad442cf053b89868feb88f89e339ea05f057830173777398b76f44f497f90405d541c9d43cac3
-
SSDEEP
3072:ITgUCy969BNsbkSl0j35+XAn3vPpqFZtspA:ITFi0jl0r5+XR/tIA
Score7/10-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-