General
-
Target
066b2f8ddb20bf658dc045fc3107fef8_JaffaCakes118
-
Size
3.5MB
-
Sample
240429-avtjnada39
-
MD5
066b2f8ddb20bf658dc045fc3107fef8
-
SHA1
ee0251abe47a8a7627e592c262cba6a3308ffe37
-
SHA256
05112303428f69b5abbe55244bf443921322b957b80459a7b6b7aaa9abf32490
-
SHA512
454a3e4c0bd3206dd90a9172ffdee53a66db3a1e2e1b41575e143ffa58345d8cc06f115eaaf492a971014ab2009bf5865b541cca1c9caf3c55ad94643e678f0f
-
SSDEEP
49152:691bUnnoSGrwwnoha6pELxPBIde45q15rMb011+k8MI6Cwjps6QtvXufGpfu:0dUnoDEwocPJYb0c/Lwjep46u
Static task
static1
Behavioral task
behavioral1
Sample
066b2f8ddb20bf658dc045fc3107fef8_JaffaCakes118.exe
Resource
win7-20240215-en
Malware Config
Targets
-
Target
066b2f8ddb20bf658dc045fc3107fef8_JaffaCakes118
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-