General
-
Target
953fc8c092394c1b291928a7c0220394_JaffaCakes118
-
Size
164KB
-
Sample
240814-jwv9ba1dqh
-
MD5
953fc8c092394c1b291928a7c0220394
-
SHA1
57d17160522e3e93021615efda02259f33ec57b3
-
SHA256
a21393c23c3fdc5ce9c0127ff0ec7c035027517e30188057da13ed9cad0a3b04
-
SHA512
c25c03cb88bfb2c688640f82dbeaf36d464135971b30414852c55ddffe66e8ead9a9eeecacb31b90fe53c11c44c8d19c1ef599ca65fd85223c7bd9bd06794f6b
-
SSDEEP
3072:r96/+1FOjYNZq2gXv17490ZqkbujB9y0pbCnEs+x:VyENg2gXv17XqXWGo
Static task
static1
Behavioral task
behavioral1
Sample
953fc8c092394c1b291928a7c0220394_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
953fc8c092394c1b291928a7c0220394_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
953fc8c092394c1b291928a7c0220394_JaffaCakes118
-
Score
7/10
-
Deletes itself
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-