General
-
Target
59f51a6c348adcf831951ebdb2dfd7db_JaffaCakes118
-
Size
243KB
-
Sample
240719-b4trfsxapr
-
MD5
59f51a6c348adcf831951ebdb2dfd7db
-
SHA1
7b82f1fc193392e1d7a97209f1a6cc25678385c7
-
SHA256
7566fe668c9cf9b0a92f81279528d141fc7aa4acb3e38c61f3ba4519e88f6981
-
SHA512
3460e69bbf3ff4fe4357719d15e05e2e6037729e731fe7a26de48bfa931f918f56a35adb78c8d84fc9476b42e86959f1283c36981e23edf087bf6e5f59a044cf
-
SSDEEP
6144:lofAndVrvYwQjRrwuo85fZp+6i4ME1DMmJQu5H4EzDnLVQ:mY7lQjJaCx06TM6MmySHHzDL
Malware Config
Targets
-
-
Target
59f51a6c348adcf831951ebdb2dfd7db_JaffaCakes118
-
Size
243KB
-
MD5
59f51a6c348adcf831951ebdb2dfd7db
-
SHA1
7b82f1fc193392e1d7a97209f1a6cc25678385c7
-
SHA256
7566fe668c9cf9b0a92f81279528d141fc7aa4acb3e38c61f3ba4519e88f6981
-
SHA512
3460e69bbf3ff4fe4357719d15e05e2e6037729e731fe7a26de48bfa931f918f56a35adb78c8d84fc9476b42e86959f1283c36981e23edf087bf6e5f59a044cf
-
SSDEEP
6144:lofAndVrvYwQjRrwuo85fZp+6i4ME1DMmJQu5H4EzDnLVQ:mY7lQjJaCx06TM6MmySHHzDL
Score10/10-
Modifies WinLogon for persistence
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-