General
Target: 8e36bba463c4f1494356859ac8de5b21_JaffaCakes118
Size: 1.6MB
Sample: 240812-lh6t1avfjp
MD5: 8e36bba463c4f1494356859ac8de5b21
SHA1: 7047285197dbc6a1df5ee45cbec9af35d55c9f56
SHA256: af34a8602de915abfb6dc87ec4f2b08c8855a0d92de6b435bdac73a716f184a7
SHA512: 6073b348d4970a61e4d2829d1b432580630975cc64c875324da407ef295b9fa88e4ce5e23004d4ef23fcd075554af56851af3127add6d8a848cdaeb15f41091e
SSDEEP: 24576:EItGSqyowm8smieZoWvD/58qTuuKoi3pVfCxVYmNHXM4NgqLGTGtcnmpbamviIjL:EIfqlD8r/51T7ijyNX7mDmcnyVvx3m8d
Static task: static1
Behavioral task: behavioral1 (Sample: Launcher.exe, Resource: win7-20240705-en)
Behavioral task: behavioral2 (Sample: Launcher.exe, Resource: win10v2004-20240802-en)
Behavioral task: behavioral3 (Sample: autoR.exe, Resource: win7-20240704-en)
Behavioral task: behavioral4 (Sample: autoR.exe, Resource: win10v2004-20240802-en)
Malware Config
Targets
Target: Launcher.exe
Size: 4.8MB
MD5: d3dfa3fe24f94b0fb51856d1203d9095
SHA1: f7964e87334d96ca6b7ee9faf362bcb373bcf1e1
SHA256: e682af464d8413b59e0624ff128bf1f5bdad54d6e3ea529b84705049db9930cd
SHA512: 05122e2d3f06ab8f426e7d5eed431f9c481ba9b3357a87bbfdecf725e8f327dbdddd5123f90aac5522740429e544aa6ae64c8ef2863d762783935608585f7ea2
SSDEEP: 98304:SlIY0TC0Hq39bnHmJvTaMDkytdK5AwDR86cpoFBr:Ql0TC0KtjHGT5kyt8rd
Score: 10/10
- Detects Andromeda payload.
- Adds policy Run key to start application
- Maps connected drives based on registry. Disk information is often read in order to detect sandboxing environments.
Target: autoR.exe
Size: 32KB
MD5: 030595aec5327ff1e94c8272fcd9e774
SHA1: a62e1701acc6f8326da5c25838517228cdf87563
SHA256: 21d965d6f7993bb8b0d9010e55e72123279e73d712b837d7e151aa46eca0f901
SHA512: d1677730c423427c0147d78392be9d9cc680b7a9e039152d039a3ed0a8b6df364d3afd5eaac092089cfc859ca0583b3eefac4b521d45bf24d4227dbf34e18525
SSDEEP: 768:OSagh0Qu1UkKE7AFPYp/Y8h88C5IWuUAeE0cWoeY:ONgecErpX+4UZcWC
Score: 10/10
- Detects Andromeda payload.
- Adds policy Run key to start application
- Deletes itself
- Maps connected drives based on registry. Disk information is often read in order to detect sandboxing environments.
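The two registry-based signatures that fire on both targets, "Adds policy Run key to start application" and "Maps connected drives based on registry", replayed as detection logic over host telemetry. This is an added example, not the sandbox's rule source and not code from the samples. It assumes the registry paths the signature names point at (the Policies\Explorer\Run key and the SYSTEM\...\Services\Disk\Enum key), an allowlist for the Group Policy client, and a constructed JSON-lines event feed with an `op` field distinguishing value writes from reads.

```python
"""Replay two sandbox registry signatures over constructed telemetry (added example)."""
import json
from collections import defaultdict

# Assumed key paths behind the two signatures; the page names the behaviours,
# not the rules, so treat these as the editor's assumption.
POLICY_RUN_SUFFIX = r"\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
DISK_ENUM_SUFFIX = r"\SYSTEM\CurrentControlSet\Services\Disk\Enum"

# The Group Policy client legitimately populates policy Run keys; without an
# allowlist (an assumption, tune per environment) every GPO refresh would alert.
POLICY_WRITERS_ALLOWLIST = {r"c:\windows\system32\svchost.exe"}

# Vendor fragments an anti-sandbox check would look for in Disk\Enum data.
VM_VENDOR_TOKENS = ("vmware", "vbox", "virtual", "qemu", "xen")

# Constructed telemetry (invented for this example): one line per registry event.
SAMPLE_EVENTS = r"""
{"op":"set","image":"C:\\Users\\u\\AppData\\Local\\Temp\\autoR.exe","key":"HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run","value":"37486","data":"C:\\ProgramData\\Local Settings\\Temp\\msupdate.exe"}
{"op":"query","image":"C:\\Users\\u\\AppData\\Local\\Temp\\autoR.exe","key":"HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum","value":"0","data":"SCSI\\Disk&Ven_VMware&Prod_Virtual_disk\\5&1ec51bf7&0&000000"}
{"op":"set","image":"C:\\Windows\\explorer.exe","key":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run","value":"OneDrive","data":"C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"}
{"op":"set","image":"C:\\Windows\\System32\\svchost.exe","key":"HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run","value":"LogonScript","data":"\\\\dc01\\netlogon\\inv.exe"}
"""


def parse_events(text):
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _key_endswith(key, suffix):
    """Case-insensitive match on the key path, hive prefix (HKLM/HKU/HKCU) ignored."""
    return key.lower().endswith(suffix.lower())


def evaluate(events):
    """Return {image: set(signature names)} for every process that trips a rule."""
    hits = defaultdict(set)
    for ev in events:
        image, key = ev["image"], ev["key"]
        # Persistence: a value written under a policy Run key by a non-GPO process.
        if ev["op"] == "set" and _key_endswith(key, POLICY_RUN_SUFFIX):
            if image.lower() not in POLICY_WRITERS_ALLOWLIST:
                hits[image].add("Adds policy Run key to start application")
        # Recon: a read of the disk enumeration key (only visible in telemetry
        # that records reads, e.g. an API-tracing sandbox; Sysmon logs writes only).
        if ev["op"] == "query" and _key_endswith(key, DISK_ENUM_SUFFIX):
            hits[image].add("Maps connected drives based on registry")
    return dict(hits)


def hypervisor_markers(disk_enum_data):
    """Vendor tokens present in one Disk\\Enum entry, i.e. what the sample learns from the read."""
    low = disk_enum_data.lower()
    return [tok for tok in VM_VENDOR_TOKENS if tok in low]


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    for image, sigs in evaluate(events).items():
        print(image, "->", sorted(sigs))
    for ev in events:
        if ev["op"] == "query" and _key_endswith(ev["key"], DISK_ENUM_SUFFIX):
            print("Disk\\Enum reveals:", hypervisor_markers(ev["data"]))
```

Two caveats for anyone turning this into a production rule. First, the policy Run key is a supported Group Policy location, so the allowlist (or a baseline of expected writers and values) is what keeps the rule from firing on every GPO refresh; the sandbox does not need that because nothing else runs in its VM. Second, the drive-mapping signature depends on seeing a registry read, which Sysmon's EventID 12/13/14 do not record; on a real host you would source it from an API-tracing sandbox run or the kernel registry ETW provider, or accept that the persistence write is the only half of the pair you can detect. The "Deletes itself" signature on autoR.exe is not modelled here.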