General
-
Target
21fac61365987a8abfcd0b429a2497bf_JaffaCakes118
-
Size
302KB
-
Sample
240507-2az99abb4y
-
MD5
21fac61365987a8abfcd0b429a2497bf
-
SHA1
114fc4d7533b3fd0dd4d034ae55847d4885d1c70
-
SHA256
8d97e718b37cc67721fa25fa05b78f12a750b1c6726805a23c43d3b5497d6e6b
-
SHA512
d86ab5c4e3f1a33a929a99fa57df943e7ae4086543f947f8178a1216d19c1c16c68f350b36a53b062b55d63f0491f6065a7c3e0813edac7f806158c7035da66b
-
SSDEEP
6144:+z+92mhAMJ/cPl3ix0LcjsyBhpH3AY4n3ZfJUh+HsgpqR0r8sqPTAv:+K2mhAMJ/cPlijsyBhpH3AY+3ZGe
Malware Config
Targets
-
-
Target
21fac61365987a8abfcd0b429a2497bf_JaffaCakes118
-
Size
302KB
-
MD5
21fac61365987a8abfcd0b429a2497bf
-
SHA1
114fc4d7533b3fd0dd4d034ae55847d4885d1c70
-
SHA256
8d97e718b37cc67721fa25fa05b78f12a750b1c6726805a23c43d3b5497d6e6b
-
SHA512
d86ab5c4e3f1a33a929a99fa57df943e7ae4086543f947f8178a1216d19c1c16c68f350b36a53b062b55d63f0491f6065a7c3e0813edac7f806158c7035da66b
-
SSDEEP
6144:+z+92mhAMJ/cPl3ix0LcjsyBhpH3AY4n3ZfJUh+HsgpqR0r8sqPTAv:+K2mhAMJ/cPlijsyBhpH3AY+3ZGe
Score10/10-
Detects PlugX payload
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-