General
-
Target
d672b3a0263bddfa358dd126702b5bf9_JaffaCakes118
-
Size
145KB
-
Sample
240909-q66ala1fmp
-
MD5
d672b3a0263bddfa358dd126702b5bf9
-
SHA1
8eb2e79eb7dd7370ddb4a3c46fe85c39cf5f8937
-
SHA256
055c6ad96af409328ebe9a4e8ff7189e3a986508d32a2950223d6a1bc4afe98b
-
SHA512
82b1b9d54a9383b6e829d51e278f765d9489a426d98095cff821e2e9a57bb54079aed4aec830be87aa6f18f35aee41737967b389c0b08cce84ed2c71d14fe0cb
-
SSDEEP
3072:knN5HYBvjr5SM/yv7VDVKMOQg5H1i8fZ5Ys+iyXFm+GqVphIw:kNC5P5SwQDVKM0H1i8fZ5YxXFm+T
Malware Config
Targets
-
-
Target
d672b3a0263bddfa358dd126702b5bf9_JaffaCakes118
-
Size
145KB
-
MD5
d672b3a0263bddfa358dd126702b5bf9
-
SHA1
8eb2e79eb7dd7370ddb4a3c46fe85c39cf5f8937
-
SHA256
055c6ad96af409328ebe9a4e8ff7189e3a986508d32a2950223d6a1bc4afe98b
-
SHA512
82b1b9d54a9383b6e829d51e278f765d9489a426d98095cff821e2e9a57bb54079aed4aec830be87aa6f18f35aee41737967b389c0b08cce84ed2c71d14fe0cb
-
SSDEEP
3072:knN5HYBvjr5SM/yv7VDVKMOQg5H1i8fZ5Ys+iyXFm+GqVphIw:kNC5P5SwQDVKM0H1i8fZ5YxXFm+T
Score7/10-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Remote Services: SMB/Windows Admin Shares
Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
-
Drops file in System32 directory
-