General
-
Target
fcea2dc46dccfc78d672b464ea29b9fd_JaffaCakes118
-
Size
228KB
-
Sample
240420-q82eesab66
-
MD5
fcea2dc46dccfc78d672b464ea29b9fd
-
SHA1
efebaf5bba35c52d994ab6c925073543801c0ccf
-
SHA256
e2acca515cc2e5226c40dd32decbe8f9a7194ed36a55ddcd21cd68e024c3c621
-
SHA512
873cb812de8637ac5d72ad0d20266653d773b89115a49491e0a124d68c1763d0c87488695dcb91b58540c8ab920ef43b560faf33d0b3d0bcb16f34b11c6276f6
-
SSDEEP
3072:PmPWTOBX5Su7HyRmFdu7nmFycVZBSOsq1d8cS2Le55aOJjK9E3/C1rtooSst:OGqjeeLVZBQgGcSEe55nJjggaxtoG
Malware Config
Targets
-
-
Target
fcea2dc46dccfc78d672b464ea29b9fd_JaffaCakes118
-
Size
228KB
-
MD5
fcea2dc46dccfc78d672b464ea29b9fd
-
SHA1
efebaf5bba35c52d994ab6c925073543801c0ccf
-
SHA256
e2acca515cc2e5226c40dd32decbe8f9a7194ed36a55ddcd21cd68e024c3c621
-
SHA512
873cb812de8637ac5d72ad0d20266653d773b89115a49491e0a124d68c1763d0c87488695dcb91b58540c8ab920ef43b560faf33d0b3d0bcb16f34b11c6276f6
-
SSDEEP
3072:PmPWTOBX5Su7HyRmFdu7nmFycVZBSOsq1d8cS2Le55aOJjK9E3/C1rtooSst:OGqjeeLVZBQgGcSEe55nJjggaxtoG
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-