General
-
Target
3f451c4f266d0a7207c627037955f24d_JaffaCakes118
-
Size
1.4MB
-
Sample
240712-3be65svepq
-
MD5
3f451c4f266d0a7207c627037955f24d
-
SHA1
7f9d84a568fc3b29cc0f822c6e4876797ed5d7ac
-
SHA256
e23136711f521d927dd69e526f79cbd6a0fe6578aec27f01696455e9a5f0b66b
-
SHA512
c1f125f6c907d8a4da714a886b86a8fc37c1d537ff401bf11de4d64f685ed2bf67625c81a7e4630320449ff5384cab95116249eb9caf694cafb18709818676f4
-
SSDEEP
24576:5NbvZdL9Q9ZtW8KPsViZY+faUhkAjytchixJihzFXnjaiHgbsHkUFK:vh59Q9zlKPYiZUdAjy2hiaFmiAqE
Behavioral task
behavioral1
Sample
3f451c4f266d0a7207c627037955f24d_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Targets
-
Target
3f451c4f266d0a7207c627037955f24d_JaffaCakes118
-
Score
8/10
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-