General

  • Target

    66774ed9288f2a83766237c609c448f9_JaffaCakes118

  • Size

    6.6MB

  • Sample

    240522-h94xyagb95

  • MD5

    66774ed9288f2a83766237c609c448f9

  • SHA1

    4f678cbbd2d0b7682b05f6e6d94a5ad7796b218b

  • SHA256

    85a4d6ef8a917e47e62c229486e3797918c104de2d69291d23c9e87b8e38a65c

  • SHA512

    c7e144ef3d8b263afa3d891e714c1c4d67e230778033e4d7923776580933b50de8b0a247db755ba1ca28b45ec241198d5646f276906836ffe9863ac067ffbbc2

  • SSDEEP

    196608:9iwXF/PYOf5jL9Fpb72HspkNrMeFmn4jE5:9iw1/QONL97P2Hsp14w

Score
8/10

Targets

    • Target

      66774ed9288f2a83766237c609c448f9_JaffaCakes118

    • Size

      6.6MB

    Score
    8/10
    • Blocklisted process makes network request

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
