General
-
Target
25c91dcae4731a5c4a08d9246b836add_JaffaCakes118
-
Size
278KB
-
Sample
240704-w2yylsvblb
-
MD5
25c91dcae4731a5c4a08d9246b836add
-
SHA1
2264683af0d4938bbbc9098a24d915aa56e1d849
-
SHA256
05189b6b9b7467fdf9a1f5386216d1952c2c6b9bd0b108418362bbdaeb09f885
-
SHA512
608549b840bad775760837cd72e40554951b6d2e4f491dde0fdce836058f0fd0b9b8cbe86268ab0ca25db9a26ae4ddff2890e243ba480cf699b6b7d04c6b29f8
-
SSDEEP
6144:ow/S1DB/lBBcuI5h29W5jvKfRo67/mEH6FjR:owqlAuIrQaR6CeK
Malware Config
Targets
-
-
Target
25c91dcae4731a5c4a08d9246b836add_JaffaCakes118
-
Size
278KB
-
MD5
25c91dcae4731a5c4a08d9246b836add
-
SHA1
2264683af0d4938bbbc9098a24d915aa56e1d849
-
SHA256
05189b6b9b7467fdf9a1f5386216d1952c2c6b9bd0b108418362bbdaeb09f885
-
SHA512
608549b840bad775760837cd72e40554951b6d2e4f491dde0fdce836058f0fd0b9b8cbe86268ab0ca25db9a26ae4ddff2890e243ba480cf699b6b7d04c6b29f8
-
SSDEEP
6144:ow/S1DB/lBBcuI5h29W5jvKfRo67/mEH6FjR:owqlAuIrQaR6CeK
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-