General

  • Target

    9ba758b08ecfb820c6da64d7f954cbed_JaffaCakes118

  • Size

    304KB

  • Sample

    240610-xklgmawgjd

  • MD5

    9ba758b08ecfb820c6da64d7f954cbed

  • SHA1

    1c3739294d3a6fa957d007098854e308c88e717d

  • SHA256

    9f8c3442cf2cc4b6fb9985353de632dd785d38c05a53b497f0d526ac7c3c1ee1

  • SHA512

    359f44fb16b00916ff16f3a5c8a71d493f1a030beca9c1b848e3885ad8aab00d15f7c77afea6d6375eafc30fa0e7914a9f6b2fe1ce6be0bc83e4819f1a88b9c6

  • SSDEEP

    6144:FFxNzzXzFuk9j/iXLs7dKW6PotJ7DNYx1EgOrHDMnSr:HzzDokBULs7dbQOV7RrHr

Score
10/10

Malware Config

Targets

    • Target

      9ba758b08ecfb820c6da64d7f954cbed_JaffaCakes118

    • Size

      304KB

    • MD5

      9ba758b08ecfb820c6da64d7f954cbed

    • SHA1

      1c3739294d3a6fa957d007098854e308c88e717d

    • SHA256

      9f8c3442cf2cc4b6fb9985353de632dd785d38c05a53b497f0d526ac7c3c1ee1

    • SHA512

      359f44fb16b00916ff16f3a5c8a71d493f1a030beca9c1b848e3885ad8aab00d15f7c77afea6d6375eafc30fa0e7914a9f6b2fe1ce6be0bc83e4819f1a88b9c6

    • SSDEEP

      6144:FFxNzzXzFuk9j/iXLs7dKW6PotJ7DNYx1EgOrHDMnSr:HzzDokBULs7dbQOV7RrHr

    Score
    10/10
    • HiveRAT

      HiveRAT is an improved version of FirebirdRAT with various capabilities.

    • Beds Protector Packer

      Detects Beds Protector packer used to load .NET malware.

    • HiveRAT payload

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks