General
Target: 98318c2ea2fe212813bfab98c2d37426_JaffaCakes118
Size: 31KB
Sample: 240814-31ksxsshng
MD5: 98318c2ea2fe212813bfab98c2d37426
SHA1: 81f4b2bd4f0eaa1b58078d50a33ff0f95a28d9df
SHA256: fb9b5854dec8ea0fa87cdb95eac5f1cf8dd577961b2135290fe8fd26611a127d
SHA512: 4c6003176b01da05776fa8656a96f1c7abe187a21ee126f6a860dfed9a8bfcfcb2b69bf02f370a586793bf9cd8e886ba8551f6b974d0e358e9d830c17ff3e1c1
SSDEEP: 768:KIMAcRlqM0NHpe+MgS5WW8bbLs98fX6b/ET8VLM01X9oQH9:KNRlqM0Nc+MfN2Sb/EyX9oQH9
Static task: static1
Behavioral task: behavioral1
Sample: pdf_trk_invoice.scr
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: pdf_trk_invoice.scr
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: pdf_trk_invoice.scr
Size: 49KB
MD5: 5f2a7d126ea1bca68f12982a44a952f5
SHA1: d46f6b41b4be0e2eb999192d18a4269d34726d2f
SHA256: 63ccc3cbb3b29c697dbcb6b8c9b5de8c1ecdcefb3a1ed9a8f2c3e594b3c60fbd
SHA512: caaacf0df796922eae102204766761de59ceac2f55bae2c6a367ab8be713aaaf4c5c49b388815ad130246cccb6e13086faf01800ffc3f407fa788549efe2a102
SSDEEP: 768:AQR2QFShXLBmomuvG1ozfCO2PvSW2tezCnC5DWn1kovKbSsORNbhClxWBEbXV/:PTShLBpvBfCVv0NYDWnCoBRNFCDnV/
Score: 10/10
Detects Andromeda payload.
Adds policy Run key to start application
Deletes itself
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.