General
-
Target
5cbd36d95b2329c02152112a957ce639_JaffaCakes118
-
Size
240KB
-
Sample
240719-tz8zpazdpr
-
MD5
5cbd36d95b2329c02152112a957ce639
-
SHA1
91e92845b83e662e127af8b046c353c4b396335d
-
SHA256
81d8bd4180835a1b3fe27e4b63a683d84d9110e782b3ed99c7bff46a1f160f07
-
SHA512
45205ed34f2b074a1aaf2dea5e2e87eba490323e4ffccd035b73e3fa2fbf6934ce3d84267eaf70d626b082416476f0e0cc2a9ca79811b8a9f0a3c1b550309f66
-
SSDEEP
6144:qdNYeBb+Zbl8EhDKf100QRchpvhYt4tZrsle:6N2bw00QChpvSSYe
Static task
static1
Behavioral task
behavioral1
Sample
5cbd36d95b2329c02152112a957ce639_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5cbd36d95b2329c02152112a957ce639_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Target
5cbd36d95b2329c02152112a957ce639_JaffaCakes118
-
Score
8/10
-
Adds policy Run key to start application
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-