General
-
Target
c66a1261aafecfa89f1a18e2d022f659_JaffaCakes118
-
Size
157KB
-
Sample
240828-h5t7ya1crr
-
MD5
c66a1261aafecfa89f1a18e2d022f659
-
SHA1
80aa9859eea5c2e372cb4cec757dbdd6c6609586
-
SHA256
a8a1f7bdc2077e273f5fe69b4254ba42473b5db8061548f3ad8c35d990faa3e7
-
SHA512
4344e0006be67469b1b9e91dd5c2be658778e47da0e0687b3fd4fdfa4ea65ad7735a9f7d09e1190feae0cf6b2b21a06a0f8eb303f073422cc26088ec1da4ff18
-
SSDEEP
3072:cfI2gRG77z+b4Q8iagSd/m0bnZzqWPNnoa0zNwbGDMjQ20yuHZ231drLRWEmRwm9:wno87zw8Omm0TtqWPNnp0dY6H431dBWj
Malware Config
Targets
-
-
Target
c66a1261aafecfa89f1a18e2d022f659_JaffaCakes118
-
Size
157KB
-
MD5
c66a1261aafecfa89f1a18e2d022f659
-
SHA1
80aa9859eea5c2e372cb4cec757dbdd6c6609586
-
SHA256
a8a1f7bdc2077e273f5fe69b4254ba42473b5db8061548f3ad8c35d990faa3e7
-
SHA512
4344e0006be67469b1b9e91dd5c2be658778e47da0e0687b3fd4fdfa4ea65ad7735a9f7d09e1190feae0cf6b2b21a06a0f8eb303f073422cc26088ec1da4ff18
-
SSDEEP
3072:cfI2gRG77z+b4Q8iagSd/m0bnZzqWPNnoa0zNwbGDMjQ20yuHZ231drLRWEmRwm9:wno87zw8Omm0TtqWPNnp0dY6H431dBWj
Score10/10-
Vobfus
A widespread worm which spreads via network drives and removable media.
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-