General
-
Target
fd0e477f26eccd783d2819b1c35e4d40_JaffaCakes118
-
Size
49KB
-
Sample
240420-snxlvabh6z
-
MD5
fd0e477f26eccd783d2819b1c35e4d40
-
SHA1
ace074e56e7f8875405cba17cdf48d4c053b37e5
-
SHA256
af204a3b364e15c8fff9e6a1adfce189e4267ea4ff2a49c116d10ba08c4bb605
-
SHA512
5d804fe7c5b500f58c4bf37e93b4f62766da5fc058d0f0cad02fd6903491ff45c91e1c1fba119c89290fc3a4f16626a78d100c635728ae6e5fdb27ac55d80ae9
-
SSDEEP
1536:Rffj6lx9QTW/dfhoBbWnkYswggDwx8ltmHUr9:RffMxv/dfwbj0RDo8l7
Malware Config
Targets
-
-
Target
fd0e477f26eccd783d2819b1c35e4d40_JaffaCakes118
-
Size
49KB
-
MD5
fd0e477f26eccd783d2819b1c35e4d40
-
SHA1
ace074e56e7f8875405cba17cdf48d4c053b37e5
-
SHA256
af204a3b364e15c8fff9e6a1adfce189e4267ea4ff2a49c116d10ba08c4bb605
-
SHA512
5d804fe7c5b500f58c4bf37e93b4f62766da5fc058d0f0cad02fd6903491ff45c91e1c1fba119c89290fc3a4f16626a78d100c635728ae6e5fdb27ac55d80ae9
-
SSDEEP
1536:Rffj6lx9QTW/dfhoBbWnkYswggDwx8ltmHUr9:RffMxv/dfwbj0RDo8l7
Score7/10-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-