General
-
Target
939e2c9b64a6ac71e40f6738cb436a18_JaffaCakes118
-
Size
158KB
-
Sample
240813-slrb2svhlq
-
MD5
939e2c9b64a6ac71e40f6738cb436a18
-
SHA1
a824ac5547e2af48bd03f02e2440ed81bef62125
-
SHA256
db59a9ab2b85f2563563da0868de87cabfce29601b3b040894a2d8e5bd0e7005
-
SHA512
22ff96c101b1acd3887be0d6b2dca0f66f71f997c515ec1e995d63f0f2f29dd96c7d0af4306bd5ffebe1a0b5609fd0abc3d1330e3084d2dd91b4413c4265e1f0
-
SSDEEP
3072:MR/8rqUUfxIdq1n2UuAr2zJxJDwHTkjRzJFkPnHcCzbKtZc:MB85UfxIcevwHAjRlFkPnHc2utZc
Static task
static1
Behavioral task
behavioral1
Sample
939e2c9b64a6ac71e40f6738cb436a18_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
939e2c9b64a6ac71e40f6738cb436a18_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
939e2c9b64a6ac71e40f6738cb436a18_JaffaCakes118
Score
7/10
-
Deletes itself
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-