General
-
Target
8c5916504e5777e7e480218d0d03f606_JaffaCakes118
-
Size
3.5MB
-
Sample
240602-a1pgwsdc58
-
MD5
8c5916504e5777e7e480218d0d03f606
-
SHA1
7ae1380b654f3a5385dd2b3470f1ce2c73bd775e
-
SHA256
12ed60d920d4f10c94e3dab35a6cd9ecfd936b85a13767bfd54a2bea43ab1a9c
-
SHA512
b468860811fe5e82407d8d2216529ba5b35070cb30e527b04f531ec9d769887c0efc18c712017aa5a0a86f7095da32d9c9bd6a1bc7306ab6514fdf2e0f03c03e
-
SSDEEP
98304:bAFdv3GJeGctTw+V0wn2QESQIIbcF/QOlNqgvHQnH5sNRaPvC:s7GJtctw+V0w2QErILqOlNqTHeNRaS
Static task
static1
Behavioral task
behavioral1
Sample
8c5916504e5777e7e480218d0d03f606_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
8c5916504e5777e7e480218d0d03f606_JaffaCakes118
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-