General
-
Target
46b8cc5f29829b95b10da98da10ab962_JaffaCakes118
-
Size
242KB
-
Sample
240714-vjqc3s1hpg
-
MD5
46b8cc5f29829b95b10da98da10ab962
-
SHA1
23dc26396f2ee7d03991e276ce33c06582937ff6
-
SHA256
9a307fb8f1c1c1bf3255bc8efbedd3e04a809ae0ce8020768c6f752272bd48c4
-
SHA512
04ba4234a5eb3c698ee346a926ca9accc7e889f6d0c42035b6f1691e8029bf34520e41370f27d408173605333a653e93d5d4fa0efebade0b5edaa619227d82bb
-
SSDEEP
6144:dIpIaywXBpry94ks/z0tMREk+/o/Q9m5eYjYRhIb:d6MwX3rIgYtMik+Ao9mYnRu
Malware Config
Targets
-
-
Target
46b8cc5f29829b95b10da98da10ab962_JaffaCakes118
-
Size
242KB
-
MD5
46b8cc5f29829b95b10da98da10ab962
-
SHA1
23dc26396f2ee7d03991e276ce33c06582937ff6
-
SHA256
9a307fb8f1c1c1bf3255bc8efbedd3e04a809ae0ce8020768c6f752272bd48c4
-
SHA512
04ba4234a5eb3c698ee346a926ca9accc7e889f6d0c42035b6f1691e8029bf34520e41370f27d408173605333a653e93d5d4fa0efebade0b5edaa619227d82bb
-
SSDEEP
6144:dIpIaywXBpry94ks/z0tMREk+/o/Q9m5eYjYRhIb:d6MwX3rIgYtMik+Ao9mYnRu
Score10/10-
Modifies WinLogon for persistence
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-