General
-
Target
d6a9846687363e09f916dddd227ad0a1_JaffaCakes118
-
Size
160KB
-
Sample
240909-tkgxnazanb
-
MD5
d6a9846687363e09f916dddd227ad0a1
-
SHA1
bbf2583a8b1ef356fc501443be6782917a3e3a0d
-
SHA256
07672d42b6193904bde4d17241813b1b590c219622f535127980105c98a98c32
-
SHA512
efddea9c2ff4adc018d7abb70ccca6341c12016cb30255db4a625797adf5240386cf2ef06ca7a6117f7cda8cff8bdf993a88cc7d08fd18c00c2811db39e353d0
-
SSDEEP
3072:gaGhtzrAxhQBLU9CJNE/FTDxFBm43TwrbiZntpzZMGz0jStpdd:8hNsgg9CJyDwkTwktPMLG
Malware Config
Targets
-
-
Target
d6a9846687363e09f916dddd227ad0a1_JaffaCakes118
-
Size
160KB
-
MD5
d6a9846687363e09f916dddd227ad0a1
-
SHA1
bbf2583a8b1ef356fc501443be6782917a3e3a0d
-
SHA256
07672d42b6193904bde4d17241813b1b590c219622f535127980105c98a98c32
-
SHA512
efddea9c2ff4adc018d7abb70ccca6341c12016cb30255db4a625797adf5240386cf2ef06ca7a6117f7cda8cff8bdf993a88cc7d08fd18c00c2811db39e353d0
-
SSDEEP
3072:gaGhtzrAxhQBLU9CJNE/FTDxFBm43TwrbiZntpzZMGz0jStpdd:8hNsgg9CJyDwkTwktPMLG
Score7/10-
Deletes itself
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-