General
-
Target
73c6aee2a6eefc8d6376eed7696a3603_JaffaCakes118
-
Size
171KB
-
Sample
240726-m5373atgjr
-
MD5
73c6aee2a6eefc8d6376eed7696a3603
-
SHA1
0e0440fc47326f1af8c3f0b9afc6f9718af6ce21
-
SHA256
8d4fd44b3b6e9f883ca1e841b377ae28edc6bc438ffdbf9aa5f9c59964a104a0
-
SHA512
129529b0acfbe7d8b9c359183c3f001e22762dc1e6311d1ef1c146d5d2e3ed24f39c89a3b5bae044b48de128a64848daa9a6b5149de8d0fa24b59499eea0e6e6
-
SSDEEP
3072:bB4FJTDTw6EVSp0ydsKA/QcbM7f5CGg4IEDA5a/c2AHJyWza9q4iuOneRLaZmqQt:bBqTDs6asUEDA5F2Cyt9DGeRLaZmqsDZ
Malware Config
Targets
-
-
Target
73c6aee2a6eefc8d6376eed7696a3603_JaffaCakes118
-
Size
171KB
-
MD5
73c6aee2a6eefc8d6376eed7696a3603
-
SHA1
0e0440fc47326f1af8c3f0b9afc6f9718af6ce21
-
SHA256
8d4fd44b3b6e9f883ca1e841b377ae28edc6bc438ffdbf9aa5f9c59964a104a0
-
SHA512
129529b0acfbe7d8b9c359183c3f001e22762dc1e6311d1ef1c146d5d2e3ed24f39c89a3b5bae044b48de128a64848daa9a6b5149de8d0fa24b59499eea0e6e6
-
SSDEEP
3072:bB4FJTDTw6EVSp0ydsKA/QcbM7f5CGg4IEDA5a/c2AHJyWza9q4iuOneRLaZmqQt:bBqTDs6asUEDA5F2Cyt9DGeRLaZmqsDZ
Score7/10-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-