General
-
Target
26a32806dab50be0902bd016dadeb582_JaffaCakes118
-
Size
35KB
-
Sample
240704-3hnf4axhna
-
MD5
26a32806dab50be0902bd016dadeb582
-
SHA1
f85d2ac425e9632d166a84958ebd4f7d69682a67
-
SHA256
6748461f83c7c113162bd68835a1a7f594ffecdc8444b0ac57ecd9848471046e
-
SHA512
c69981c0fe90e4a99025ccfa88dadabc733346919f4398696346abb8d214278f0e51fad117a18a973a7f66aa7ccc21926d54d2d0442189f4559058680180c5b9
-
SSDEEP
768:Asd3Pd+ZZzD7uCcr6BD+fYu7iGLyf+OYdjMujQi9+4rPw:PNPd+ZZzDyCdUgu79Lyf+JdjMuz95
Malware Config
Targets
-
-
Target
26a32806dab50be0902bd016dadeb582_JaffaCakes118
-
Size
35KB
-
MD5
26a32806dab50be0902bd016dadeb582
-
SHA1
f85d2ac425e9632d166a84958ebd4f7d69682a67
-
SHA256
6748461f83c7c113162bd68835a1a7f594ffecdc8444b0ac57ecd9848471046e
-
SHA512
c69981c0fe90e4a99025ccfa88dadabc733346919f4398696346abb8d214278f0e51fad117a18a973a7f66aa7ccc21926d54d2d0442189f4559058680180c5b9
-
SSDEEP
768:Asd3Pd+ZZzD7uCcr6BD+fYu7iGLyf+OYdjMujQi9+4rPw:PNPd+ZZzDyCdUgu79Lyf+JdjMuz95
Score10/10-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Deletes itself
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-