General
-
Target
db38e36da291d270393cdf21f1825e59_JaffaCakes118
-
Size
41KB
-
Sample
240911-z1bngatdke
-
MD5
db38e36da291d270393cdf21f1825e59
-
SHA1
081023c7cc8df28c1d27b42091e6db84c6a01c46
-
SHA256
5a2a0fbb22b5821af344462dea3b7c5ea154600cd54b113d7b2bfad4254f1207
-
SHA512
9876f6ea1aba558072a2a4042433be6b0268e557c1cb19b70e21748517998a4296fc0fc4f7e71b996ad861cdb8cd2db9fef834544d99e0a67c0a4e3e84493d42
-
SSDEEP
768:Pj8VMqyyZCAXdZ1bgSoys/wpVcrswoA5hSiE:P4VRjXyF63AmP
Malware Config
Targets
-
-
Target
db38e36da291d270393cdf21f1825e59_JaffaCakes118
-
Size
41KB
-
MD5
db38e36da291d270393cdf21f1825e59
-
SHA1
081023c7cc8df28c1d27b42091e6db84c6a01c46
-
SHA256
5a2a0fbb22b5821af344462dea3b7c5ea154600cd54b113d7b2bfad4254f1207
-
SHA512
9876f6ea1aba558072a2a4042433be6b0268e557c1cb19b70e21748517998a4296fc0fc4f7e71b996ad861cdb8cd2db9fef834544d99e0a67c0a4e3e84493d42
-
SSDEEP
768:Pj8VMqyyZCAXdZ1bgSoys/wpVcrswoA5hSiE:P4VRjXyF63AmP
Score10/10-
Modifies WinLogon for persistence
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Modifies WinLogon
-
Suspicious use of SetThreadContext
-