General
- Target: d57e41a0f7e51bc84cb35fb008a9c22f_JaffaCakes118
- Size: 3.9MB
- Sample: 240909-clsl4swgmm
- MD5: d57e41a0f7e51bc84cb35fb008a9c22f
- SHA1: fd094cb8b97e21a8f4c98b6ba82ade23680c6560
- SHA256: 216ca3d3e6a0ae8051b8eecaac776307e7b325b32e6d5fb3a7c7d02134c5a834
- SHA512: 128e5f844f137142e02c59d5f230ca2931299c92c5a720702e39ddc44651777938550fd968fa1e8c52ce16b65531954125cb46a05b370834895e238085c609b0
- SSDEEP: 49152:T9JE1thOH+myT0jQ7GXzU3SQq+QEg1lx0ckX1grNKTLto2Yh01ziRW9PW1/gCieH:Jeih6GXzJQ5c8KNKvOh01yuneSt1a6/y
Static task: static1
Behavioral task: behavioral1
- Sample: d57e41a0f7e51bc84cb35fb008a9c22f_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Enumerates processes with tasklist
-