General
-
Target
4b12df6d6f224c8364fe1fa0800fe585_JaffaCakes118
-
Size
448KB
-
Sample
240715-x41qnavhmj
-
MD5
4b12df6d6f224c8364fe1fa0800fe585
-
SHA1
2d475c6bc871a2b39e4a2b8207bb3bb0278127a5
-
SHA256
23119ac962ffbcac92d205d0ad4759be01c6c33b50666b7696130b7dbc546c79
-
SHA512
39188a5180220550ea490696fe86c4989e903b1e23bc3139b7a30b6e5feb8219c5bb79bc46986ed13c0e039e15542e7dbe65d957e64886aed280becfe61f2f19
-
SSDEEP
6144:aiDXUqfmeGqfXDXibVNMAySn/su3G0r0:Nme3yVNMA/sulo
Malware Config
Targets
-
-
Target
4b12df6d6f224c8364fe1fa0800fe585_JaffaCakes118
-
Size
448KB
-
MD5
4b12df6d6f224c8364fe1fa0800fe585
-
SHA1
2d475c6bc871a2b39e4a2b8207bb3bb0278127a5
-
SHA256
23119ac962ffbcac92d205d0ad4759be01c6c33b50666b7696130b7dbc546c79
-
SHA512
39188a5180220550ea490696fe86c4989e903b1e23bc3139b7a30b6e5feb8219c5bb79bc46986ed13c0e039e15542e7dbe65d957e64886aed280becfe61f2f19
-
SSDEEP
6144:aiDXUqfmeGqfXDXibVNMAySn/su3G0r0:Nme3yVNMA/sulo
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-