General
-
Target
20ab822aa24f01d171f063a93675a115_JaffaCakes118
-
Size
1000KB
-
Sample
240507-qgefkshb5v
-
MD5
20ab822aa24f01d171f063a93675a115
-
SHA1
5d185ff2b7fe496e3922678ab3030846110712e5
-
SHA256
00359bd59c5009663d59825dad628f38c579b01b16b455e81bd059d2b03a1323
-
SHA512
26f12bb6491f2d492f153e38a7908d402897aa5cd302ceccbc04e041dce9ff7ad9a711b881109ebd84e5a2925cd24bc4e5c13f1cf071b58f7787ca92597666ac
-
SSDEEP
12288:RBmrDXCs2zo2z5bjaT7ihIjUWrhoUPWAsBQ29nzvZzpTaTUfAJFMI8worXUBkjj0:RIZj7oZVvZBAgjX5XuN
Malware Config
Targets
-
-
Target
20ab822aa24f01d171f063a93675a115_JaffaCakes118
-
Size
1000KB
-
MD5
20ab822aa24f01d171f063a93675a115
-
SHA1
5d185ff2b7fe496e3922678ab3030846110712e5
-
SHA256
00359bd59c5009663d59825dad628f38c579b01b16b455e81bd059d2b03a1323
-
SHA512
26f12bb6491f2d492f153e38a7908d402897aa5cd302ceccbc04e041dce9ff7ad9a711b881109ebd84e5a2925cd24bc4e5c13f1cf071b58f7787ca92597666ac
-
SSDEEP
12288:RBmrDXCs2zo2z5bjaT7ihIjUWrhoUPWAsBQ29nzvZzpTaTUfAJFMI8worXUBkjj0:RIZj7oZVvZBAgjX5XuN
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-