General
-
Target
8884c81a02c7d8ee5e2f40629abb5c7d_JaffaCakes118
-
Size
448KB
-
Sample
240811-b7hhlatcre
-
MD5
8884c81a02c7d8ee5e2f40629abb5c7d
-
SHA1
b57a13ac33efdaf2d57a67338b79b22e0af21949
-
SHA256
14cbfe2d29f63f8f6709429a828ec91b028597124b8878fa90aed39805956c06
-
SHA512
897278426261275a71aec384eebda645477cbd8b472149a6d86d8b7ce604560cb2de3a0a4f2338f611b61faa9a3eb7b07aaf0d5bf51c6583265cae8cfab23141
-
SSDEEP
12288:26Wq4aaE6KwyF5L0Y2D1PqLN23kAYsoAyLm8/l:8thEVaPqL8UwoFm8N
Behavioral task
behavioral1
Sample
8884c81a02c7d8ee5e2f40629abb5c7d_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Targets
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-