General

  • Target

    54a02706c15bf0dddb9d35bf58a526ba_JaffaCakes118

  • Size

    308KB

  • Sample

    240518-n9j6esaf9s

  • MD5

    54a02706c15bf0dddb9d35bf58a526ba

  • SHA1

    7d2001110e9d32c66306c4269ef272dc75b3da0b

  • SHA256

    199ebb6c60b2f902613473a7b67552e5f1c3848ed0b55b0bb3d618362369f387

  • SHA512

    2ed63cd8ea52a2a084caba9f883cf926c71a8b097fc5e55977dcd3b62a5e26369df28a68f96e21e29e60a83affba6085c8e968a6fa6a9afc5c7c2dfe0471f25f

  • SSDEEP

    6144:zOGTzUbKW5q+UwdFHFi2i28uW3CwbsHZztFm3z:zOUE7hFvfMbazTm3z

Score
10/10

Malware Config

Targets

    • Target

      54a02706c15bf0dddb9d35bf58a526ba_JaffaCakes118

    • Size

      308KB

    • MD5

      54a02706c15bf0dddb9d35bf58a526ba

    • SHA1

      7d2001110e9d32c66306c4269ef272dc75b3da0b

    • SHA256

      199ebb6c60b2f902613473a7b67552e5f1c3848ed0b55b0bb3d618362369f387

    • SHA512

      2ed63cd8ea52a2a084caba9f883cf926c71a8b097fc5e55977dcd3b62a5e26369df28a68f96e21e29e60a83affba6085c8e968a6fa6a9afc5c7c2dfe0471f25f

    • SSDEEP

      6144:zOGTzUbKW5q+UwdFHFi2i28uW3CwbsHZztFm3z:zOUE7hFvfMbazTm3z

    Score
    10/10
    • HiveRAT

      HiveRAT is an improved version of FirebirdRAT with various capabilities.

    • Beds Protector Packer

      Detects Beds Protector packer used to load .NET malware.

    • HiveRAT payload

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks