General
Target: 65bc98bd70c690be5e6f857ea73aabd4_JaffaCakes118
Size: 208KB
Sample: 240723-ckxvfa1gna
MD5: 65bc98bd70c690be5e6f857ea73aabd4
SHA1: 550b4017705ccaeb222d6463f0f62a48291eab37
SHA256: 6695e39c859a1de5043ecb80354145964b217e681c326c5b4f8eeef0b48bb19b
SHA512: 98549202087840a0b69b0573f14bb348e2dff17a98bfe8f8799a7d193302d903a53c61d09aa00660079ca9af22cbae9f9ebd44d5be8650b253a6398999a24fe5
SSDEEP: 3072:5pAiz+qHJU4wydka7Tq0Rq8zxQ+ibSsFJFPn/3Jg3GU1gjzLl6lEo:YiCqHmTydvW09dQ+ipJFP/ZkaLl6H
Static task: static1
Behavioral task: behavioral1
Sample: 65bc98bd70c690be5e6f857ea73aabd4_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 65bc98bd70c690be5e6f857ea73aabd4_JaffaCakes118.exe
Resource: win10v2004-20240704-en
Malware Config
Targets
Target: 65bc98bd70c690be5e6f857ea73aabd4_JaffaCakes118
Score: 7/10
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext