General
Target: 97ed728638392e0139d1a3009252acde_JaffaCakes118
Size: 441KB
Sample: 240814-2eet4steqk
MD5: 97ed728638392e0139d1a3009252acde
SHA1: c2c2f636dbee6b459d7beb2183bc77f7dcc0425c
SHA256: b1ff1921b85d37daac07335f5a88702103fdd681750cd7e4e9e16a2ed61dc8b9
SHA512: 29156db5385d9492b4929d655636d8119d8b66de3b4e460113644725290960d77aeb31d99cc705f1aedb429c3c6af64f771173806592450bb113f8814d554bb1
SSDEEP: 12288:k6Wq4aaE6KwyF5L0Y2D1PqLYxnaYgmloAE6t:ithEVaPqLYxnakloAn

Behavioral task
behavioral1
Sample: 97ed728638392e0139d1a3009252acde_JaffaCakes118.exe
Resource: win7-20240704-en

Malware Config
Targets
Target: 97ed728638392e0139d1a3009252acde_JaffaCakes118
- Detects Andromeda payload.
- Adds policy Run key to start application
- Deletes itself
- Maps connected drives based on registry. Disk information is often read in order to detect sandboxing environments.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext