General
-
Target
188ea6da222629732fd7ec7e22f7cd3b_JaffaCakes118
-
Size
6.2MB
-
Sample
240628-dkn3za1ajr
-
MD5
188ea6da222629732fd7ec7e22f7cd3b
-
SHA1
1e9d81e4b41ca5fb4eb4cbb442c183fd4783c6ec
-
SHA256
9a0a5ca2046e116e4e4c4c3afabfa11be5931f85b18df2732a26be06bf418f0f
-
SHA512
4634a0e87524d14f3204f5d585d26225258762cc4bc57d043e0bf4fc8f57a6b623649a03690956626b721f04aa8f191bc158d3572c1688d2c28152c790d57ace
-
SSDEEP
98304:xmBa4AnQ0WOpalZxd/9hMuP8WMLmuZKVSr6ZlDs6XnUbJp5KysMS04ESFtvbcI6T:x0oQ0WOpCZBxPukVSGqX5KyJ4ESjcIg
Static task
static1
Behavioral task
behavioral1
Sample
188ea6da222629732fd7ec7e22f7cd3b_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
188ea6da222629732fd7ec7e22f7cd3b_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
bitrat
1.34
2.56.212.226:1995
-
communication_password
a76d949640a165da25ccfe9a8fd82c8a
-
install_dir
DiagnosticPerfos
-
install_file
DiagnosticPerformer.exe
-
tor_process
tor
Targets
-
-
Target
188ea6da222629732fd7ec7e22f7cd3b_JaffaCakes118
-
Score
10/10
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-