General
-
Target
0e432949f8822e67deab8eb37b142179_JaffaCakes118
-
Size
365KB
-
Sample
240625-qt3nyawblk
-
MD5
0e432949f8822e67deab8eb37b142179
-
SHA1
0cbc6443eedd8c2a2804d881df9527d28a5f8129
-
SHA256
71ed37c9314d71ae3fd9d5b431f931072899fe84f5ce2d49aaba78b3eb61ade2
-
SHA512
e39c41693fe027c860ba78d999646effbe3c81700f5752490b3d499890dfa886a96dbd6c44413455193513461ed8f1cf05999ba01e1f714f5a5d537750e25d51
-
SSDEEP
6144:HW3ixtIulmbpCGyEWrW7P6/e+UUbIeiQZEb67yyzym39hz3Sl5/ynpItGhaO+8S9:HW3ixNmgGGyr159Q6Ryj3L7npIIPRS8s
Static task
static1
Behavioral task
behavioral1
Sample
0e432949f8822e67deab8eb37b142179_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
0e432949f8822e67deab8eb37b142179_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
0e432949f8822e67deab8eb37b142179_JaffaCakes118
-
Score
8/10
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-