General
-
Target
85e4226c55c3d20d641927d0d4a2bc60_JaffaCakes118
-
Size
192KB
-
Sample
240810-npd4nsxdpk
-
MD5
85e4226c55c3d20d641927d0d4a2bc60
-
SHA1
bfc25a3fa15dda2d564f96ba99b97d5a938dd704
-
SHA256
ae373b378063f1d0e59123fd92f9029344bc6d9b22236df1f2690ff7eed9a40a
-
SHA512
4a8da169dbb22ed7e01ca6ee522e2a87e70f815602956a4eecd2f0852ac991bbb7d741c93a434d79205269448f879cea069539c3ef66beea397c100cca6b4e5c
-
SSDEEP
3072:k9bFmrdOi6i1C4wMpSgb6LKveD/NA45TCBvOXGfkTfhOoTsAhQ/N0l+7:GZmgidLpSdLKveTNA+TCBnkT5OWp+/Nv
Malware Config
Targets
-
-
Target
85e4226c55c3d20d641927d0d4a2bc60_JaffaCakes118
-
Size
192KB
-
MD5
85e4226c55c3d20d641927d0d4a2bc60
-
SHA1
bfc25a3fa15dda2d564f96ba99b97d5a938dd704
-
SHA256
ae373b378063f1d0e59123fd92f9029344bc6d9b22236df1f2690ff7eed9a40a
-
SHA512
4a8da169dbb22ed7e01ca6ee522e2a87e70f815602956a4eecd2f0852ac991bbb7d741c93a434d79205269448f879cea069539c3ef66beea397c100cca6b4e5c
-
SSDEEP
3072:k9bFmrdOi6i1C4wMpSgb6LKveD/NA45TCBvOXGfkTfhOoTsAhQ/N0l+7:GZmgidLpSdLKveTNA+TCBnkT5OWp+/Nv
Score7/10-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-