General
-
Target
989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118
-
Size
684KB
-
Sample
240815-c5ymgawajk
-
MD5
989fe32c814a09a49cbb56443de5d1d7
-
SHA1
ccdf0e1e4365395016533cf162a2e434879dd943
-
SHA256
5d91e845ee3f9446a24ca36ad0e215c44164492efd2fb0e5d8eb423645a8968b
-
SHA512
921c281be5dfe1c4d35e39779b9321ed913ad3c1f49c909e7acfd39601bb3625f810790f0f088eb6f8b40b895a05c02b792b295608ca3239c7fd7c1b0950d8ca
-
SSDEEP
12288:C6HgI0cchRB19jEfo3DPtITbL4kEJXqQUDVGMUIA:CB1Dl6o3D1IXXEJaXVGY
Malware Config
Targets
-
-
Target
989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118
-
Size
684KB
-
MD5
989fe32c814a09a49cbb56443de5d1d7
-
SHA1
ccdf0e1e4365395016533cf162a2e434879dd943
-
SHA256
5d91e845ee3f9446a24ca36ad0e215c44164492efd2fb0e5d8eb423645a8968b
-
SHA512
921c281be5dfe1c4d35e39779b9321ed913ad3c1f49c909e7acfd39601bb3625f810790f0f088eb6f8b40b895a05c02b792b295608ca3239c7fd7c1b0950d8ca
-
SSDEEP
12288:C6HgI0cchRB19jEfo3DPtITbL4kEJXqQUDVGMUIA:CB1Dl6o3D1IXXEJaXVGY
Score9/10-
Modifies boot configuration data using bcdedit
-
Drops file in Drivers directory
-
Enables test signing to bypass driver trust controls
Allows any signed driver to load without validation against a trusted certificate authority.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-