General
-
Target
c06e1f1cc8b41d2662accefdeb647e46_JaffaCakes118
-
Size
277KB
-
Sample
240825-lcd7ssycqk
-
MD5
c06e1f1cc8b41d2662accefdeb647e46
-
SHA1
466a8a4d65ebcc53b918400e203004802ae6e983
-
SHA256
9d1b86c49f0935b288ec983433b75b0ad677d2cf528967ac77e5bff55fbcf1b1
-
SHA512
d108d53d3a630f46ea334badb2a34f3ec367af974c42d77926fabb4bafd74397c00d2e033411213186fe75ea1eccf2ae15783ed433ba01f80fe8d7b182f36251
-
SSDEEP
6144:LEtGL2CvkyjIWpa90mOoDst8eLhQT/Dnov3evYPNTR8jM5dhQM:5LWyjI0MGe4Id6d8jM3hQM
Malware Config
Targets
-
-
Target
c06e1f1cc8b41d2662accefdeb647e46_JaffaCakes118
-
Size
277KB
-
MD5
c06e1f1cc8b41d2662accefdeb647e46
-
SHA1
466a8a4d65ebcc53b918400e203004802ae6e983
-
SHA256
9d1b86c49f0935b288ec983433b75b0ad677d2cf528967ac77e5bff55fbcf1b1
-
SHA512
d108d53d3a630f46ea334badb2a34f3ec367af974c42d77926fabb4bafd74397c00d2e033411213186fe75ea1eccf2ae15783ed433ba01f80fe8d7b182f36251
-
SSDEEP
6144:LEtGL2CvkyjIWpa90mOoDst8eLhQT/Dnov3evYPNTR8jM5dhQM:5LWyjI0MGe4Id6d8jM3hQM
Score10/10-
Modifies WinLogon for persistence
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-