General
Target: 54a02706c15bf0dddb9d35bf58a526ba_JaffaCakes118
Size: 308KB
Sample: 240518-n9j6esaf9s
MD5: 54a02706c15bf0dddb9d35bf58a526ba
SHA1: 7d2001110e9d32c66306c4269ef272dc75b3da0b
SHA256: 199ebb6c60b2f902613473a7b67552e5f1c3848ed0b55b0bb3d618362369f387
SHA512: 2ed63cd8ea52a2a084caba9f883cf926c71a8b097fc5e55977dcd3b62a5e26369df28a68f96e21e29e60a83affba6085c8e968a6fa6a9afc5c7c2dfe0471f25f
SSDEEP: 6144:zOGTzUbKW5q+UwdFHFi2i28uW3CwbsHZztFm3z:zOUE7hFvfMbazTm3z
Static task: static1
Behavioral task: behavioral1
Sample: 54a02706c15bf0dddb9d35bf58a526ba_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 54a02706c15bf0dddb9d35bf58a526ba_JaffaCakes118
Beds Protector Packer: Detects Beds Protector packer used to load .NET malware.
HiveRAT payload
Drops startup file
Suspicious use of SetThreadContext