General
-
Target
b824a6d87402d1a477753608ff6719d3_JaffaCakes118
-
Size
1.4MB
-
Sample
240822-sr7wzswhkp
-
MD5
b824a6d87402d1a477753608ff6719d3
-
SHA1
a4999c8c65fbb191b328846683b7a965875f4e52
-
SHA256
949a38c0e02d8bc73095cb0592dc713b4cf442ed1714c9c089e6fcb948ee1e37
-
SHA512
c23e46449baf773db9af85682176cf83246aa3164ce0e9f9592d035f4d011090053ed2ad7317746251496e5bf0332e908a866d12c90daf7c6220e86aeba7c415
-
SSDEEP
24576:NkWAAuqjg1H+3DzzZYf9RnKBxjL51OSDprPJqUyYfNtSebAwuiYKYglu8q/bPnKK:NC0ufc51hxgUyYfrSebtYKYsu8qDKMgE
Malware Config
Targets
-
-
Target
b824a6d87402d1a477753608ff6719d3_JaffaCakes118
-
Size
1.4MB
-
MD5
b824a6d87402d1a477753608ff6719d3
-
SHA1
a4999c8c65fbb191b328846683b7a965875f4e52
-
SHA256
949a38c0e02d8bc73095cb0592dc713b4cf442ed1714c9c089e6fcb948ee1e37
-
SHA512
c23e46449baf773db9af85682176cf83246aa3164ce0e9f9592d035f4d011090053ed2ad7317746251496e5bf0332e908a866d12c90daf7c6220e86aeba7c415
-
SSDEEP
24576:NkWAAuqjg1H+3DzzZYf9RnKBxjL51OSDprPJqUyYfNtSebAwuiYKYglu8q/bPnKK:NC0ufc51hxgUyYfrSebtYKYsu8qDKMgE
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-