General
-
Target
c71d6136d7549559ebddf65a48dd6a06_JaffaCakes118
-
Size
153KB
-
Sample
240828-sryy3stdne
-
MD5
c71d6136d7549559ebddf65a48dd6a06
-
SHA1
d7d3a14231d2b467a515dabf203fcbc39683d689
-
SHA256
2e0f1487b90d72827b8fb51fd9cc5e4ee49220c1ca177722f276de63dfc5db6a
-
SHA512
770f4c4c61bb0726f1bfe3ee0249fb248a3899cf553597319c311de0d904d11328bc4d46ee63c6089a08e0efce1d82f798a06e8f2b073fb5441546cbeb2ff22e
-
SSDEEP
3072:KTLsLsGHC1Tc0JW458ql25l1EN4u8v3nEJ3kCWcLke:KP1GHST/JWw8qI6NInEiCWcL
Malware Config
Targets
-
-
Target
c71d6136d7549559ebddf65a48dd6a06_JaffaCakes118
-
Size
153KB
-
MD5
c71d6136d7549559ebddf65a48dd6a06
-
SHA1
d7d3a14231d2b467a515dabf203fcbc39683d689
-
SHA256
2e0f1487b90d72827b8fb51fd9cc5e4ee49220c1ca177722f276de63dfc5db6a
-
SHA512
770f4c4c61bb0726f1bfe3ee0249fb248a3899cf553597319c311de0d904d11328bc4d46ee63c6089a08e0efce1d82f798a06e8f2b073fb5441546cbeb2ff22e
-
SSDEEP
3072:KTLsLsGHC1Tc0JW458ql25l1EN4u8v3nEJ3kCWcLke:KP1GHST/JWw8qI6NInEiCWcL
Score7/10-
Deletes itself
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-