General

  • Target

    b5faa8cb97d8e4243e7682e87b4564d5_JaffaCakes118

  • Size

    5.2MB

  • Sample

    240822-cr7yzstdpe

  • MD5

    b5faa8cb97d8e4243e7682e87b4564d5

  • SHA1

    e2ac4280853b4f92d3a24cd36987385916c979f2

  • SHA256

    d22e27507344c9b12dc9430cbdb3b542ec8ad2e68c2619f62fa7e1bd19ff6494

  • SHA512

    f810474a7445bd42a9b457e7c8400a8df38240f901f7bd39918a6498db0e13d13cee06fb736ecb4b8fa2e3a2c6905836202c6d158ea2566c2bffec6b12155ab1

  • SSDEEP

    49152:MyZ9wwolyh57ZMGANtVXhbjoB2us6VE9:MQZNzKRbcBrVE9

Score
7/10

Targets

    • Target

      b5faa8cb97d8e4243e7682e87b4564d5_JaffaCakes118

    Score
    7/10
    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
