General
-
Target
21b1aa83f25c211a48af93d3f36c879e_JaffaCakes118
-
Size
168KB
-
Sample
240703-kbqzjaycnk
-
MD5
21b1aa83f25c211a48af93d3f36c879e
-
SHA1
9bc88e363e0c6dfc27f49f9ffe7384056b91f331
-
SHA256
4291a26c357ca63c452c4dd7081e96eac302cfecda5c0d9c28c1e7e2bd3ba03c
-
SHA512
0b3df7239740e88f0d09c5ca66fd35e78702d4625a95767bd1813058f163db6b1c60951c1c8f7fc91e3e4961c3d8ca66688620e20b377a1e6f83f6dd11ffc988
-
SSDEEP
3072:F6Z6aMP2uB2mMfy8I1LMSglXrSzSbIQw4DfjE1FUt/GK49xElUcvg0:HtzYmu7ItEuzScr4DfjE1FUtXtP
Malware Config
Targets
-
-
Target
21b1aa83f25c211a48af93d3f36c879e_JaffaCakes118
-
Size
168KB
-
MD5
21b1aa83f25c211a48af93d3f36c879e
-
SHA1
9bc88e363e0c6dfc27f49f9ffe7384056b91f331
-
SHA256
4291a26c357ca63c452c4dd7081e96eac302cfecda5c0d9c28c1e7e2bd3ba03c
-
SHA512
0b3df7239740e88f0d09c5ca66fd35e78702d4625a95767bd1813058f163db6b1c60951c1c8f7fc91e3e4961c3d8ca66688620e20b377a1e6f83f6dd11ffc988
-
SSDEEP
3072:F6Z6aMP2uB2mMfy8I1LMSglXrSzSbIQw4DfjE1FUt/GK49xElUcvg0:HtzYmu7ItEuzScr4DfjE1FUtXtP
Score7/10-
Deletes itself
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-