General
-
Target
fd18ba08ec4efdb271129a78c5f7af50_JaffaCakes118
-
Size
415KB
-
Sample
240420-s3sw7scd4s
-
MD5
fd18ba08ec4efdb271129a78c5f7af50
-
SHA1
89a75480e463d9de61361652bde3cfd208101f5d
-
SHA256
f1425cd71a831c0b4ad77377d0919a7a59579b88542f1793fbd3251ad27b0c5c
-
SHA512
c94cf1c5773b8c4d424b66726fa2210dd00fa74768df459eee373e40b057614e83f3eff47693e2cbd0beb5eaa7161a4cafd50daa523c3774879ebc798f4094c6
-
SSDEEP
12288:3kWAehJuqTSadZgvzQE6Sev90DxufO1iuxk+j:3kWAAuq2aEUE6SevAwmUuxkO
Malware Config
Targets
-
-
Target
fd18ba08ec4efdb271129a78c5f7af50_JaffaCakes118
-
Size
415KB
-
MD5
fd18ba08ec4efdb271129a78c5f7af50
-
SHA1
89a75480e463d9de61361652bde3cfd208101f5d
-
SHA256
f1425cd71a831c0b4ad77377d0919a7a59579b88542f1793fbd3251ad27b0c5c
-
SHA512
c94cf1c5773b8c4d424b66726fa2210dd00fa74768df459eee373e40b057614e83f3eff47693e2cbd0beb5eaa7161a4cafd50daa523c3774879ebc798f4094c6
-
SSDEEP
12288:3kWAehJuqTSadZgvzQE6Sev90DxufO1iuxk+j:3kWAAuq2aEUE6SevAwmUuxkO
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-