General
-
Target
36ad3cbe63b2b704928c330a10f014cb_JaffaCakes118
-
Size
3.9MB
-
Sample
240710-2jy4jstfkp
-
MD5
36ad3cbe63b2b704928c330a10f014cb
-
SHA1
f7b0b72f00fa2e8274505654e01520f5a27828c7
-
SHA256
f5eda9a11a961ca4187041b721c9d094e85c3f59302ef9ec36969bdf25d33836
-
SHA512
f7f2ccdae876019c297c164d0e0b8e0ac604cea620abfce5de64a3486dd5efd057b5d51a8a7f28fbb5e19064d48f7b015683dc24fda08bf12bd3d99b52f12fe5
-
SSDEEP
98304:5t2kdAOLTRFdBCVAG9ywFtpkqrqyVxIJMG:5tg0NvBCVLo6t+qrq8xIJB
Static task
static1
Behavioral task
behavioral1
Sample
36ad3cbe63b2b704928c330a10f014cb_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
36ad3cbe63b2b704928c330a10f014cb_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
bitrat
1.34
2.56.212.226:1995
-
communication_password
a76d949640a165da25ccfe9a8fd82c8a
-
tor_process
tor
Targets
-
-
Target
36ad3cbe63b2b704928c330a10f014cb_JaffaCakes118
Score
10/10
-
Core1 .NET packer
Detects packer/loader used by .NET malware.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-