General
-
Target
dcc73acdbe031a60b10bdd284a97098a_JaffaCakes118
-
Size
172KB
-
Sample
240912-wsv6csxblk
-
MD5
dcc73acdbe031a60b10bdd284a97098a
-
SHA1
b1a143c64c636c4403e8998145c63f48cf8dc4ac
-
SHA256
9e7bd84630f476437f7e4659e2de65af73cba9134f824ffe934c71300959487b
-
SHA512
096894902091a0b1c2e5272ef90b670141e0d0553ca4ed5a434855f18920da8576063294ea3465bf70d1c9b6df3be6adced340b626a0c9ef95a2113b498c366c
-
SSDEEP
3072:SH69DiMTdgP6RvRP5VwYznpDB4vWwvbSlJHy/r/zMJmd7DMXj:/h3CSR1Q6L4vNvySj/zCgDM
Malware Config
Targets
-
-
Target
dcc73acdbe031a60b10bdd284a97098a_JaffaCakes118
-
Size
172KB
-
MD5
dcc73acdbe031a60b10bdd284a97098a
-
SHA1
b1a143c64c636c4403e8998145c63f48cf8dc4ac
-
SHA256
9e7bd84630f476437f7e4659e2de65af73cba9134f824ffe934c71300959487b
-
SHA512
096894902091a0b1c2e5272ef90b670141e0d0553ca4ed5a434855f18920da8576063294ea3465bf70d1c9b6df3be6adced340b626a0c9ef95a2113b498c366c
-
SSDEEP
3072:SH69DiMTdgP6RvRP5VwYznpDB4vWwvbSlJHy/r/zMJmd7DMXj:/h3CSR1Q6L4vNvySj/zCgDM
Score8/10-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-