General
-
Target
28a1e550af11ae901bd61526c44dc243_JaffaCakes118
-
Size
496KB
-
Sample
240706-sqrtdavdqe
-
MD5
28a1e550af11ae901bd61526c44dc243
-
SHA1
17e432ca6f73250545299b9c923614d59d3d3125
-
SHA256
2fe75f1af96113739774688d392d325417fd10b11f0cc5dab4af9bf17f204a5a
-
SHA512
c34d8002255afd8399fc332f44eb036fd634739f991cdd781ccf77a256d4676746acf1df44eb5448c351eff2530b7363dde53be2265fd9b5e1c27c40e0274367
-
SSDEEP
12288:DJEGTQhlMS8e8vifddJht0K96J/x497jP:DaG1S8VqFdJP0K9g/x0P
Malware Config
Targets
-
-
Target
28a1e550af11ae901bd61526c44dc243_JaffaCakes118
-
Size
496KB
-
MD5
28a1e550af11ae901bd61526c44dc243
-
SHA1
17e432ca6f73250545299b9c923614d59d3d3125
-
SHA256
2fe75f1af96113739774688d392d325417fd10b11f0cc5dab4af9bf17f204a5a
-
SHA512
c34d8002255afd8399fc332f44eb036fd634739f991cdd781ccf77a256d4676746acf1df44eb5448c351eff2530b7363dde53be2265fd9b5e1c27c40e0274367
-
SSDEEP
12288:DJEGTQhlMS8e8vifddJht0K96J/x497jP:DaG1S8VqFdJP0K9g/x0P
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-