General
-
Target
06cd583d1d0d21bc71b94ab1dfc044a4_JaffaCakes118
-
Size
6.6MB
-
Sample
241001-wfvztssfqp
-
MD5
06cd583d1d0d21bc71b94ab1dfc044a4
-
SHA1
4f48f8dcc5142c2847ec932fd755960dcce8d5be
-
SHA256
725089d4c563cb99d1ebefd54128b4cd60411db05d175b8ee996823d525c5b33
-
SHA512
47c65d33b4eadce723e759ad00baf8631d2c553eebc4d20b07ab79245f041a7db7235e5b24c4345310d640184a24d2d819f330dcbac5c5dad8169dc012e011c2
-
SSDEEP
196608:SrLIf2KT1Stn53q9I43zhy8DQa8ztMk8Te5p5cJF:SrLFt53qK43LVVTKj0F
Malware Config
Targets
-
-
Target
Silverlight5.exe
-
Size
6.6MB
-
MD5
43478a6a7a03f282c4a48222b4d631b4
-
SHA1
f0c3c1bce3802addca966783a33db1b668261fb5
-
SHA256
dd45a55419026c592f8b6fc848dceface7e1ce98720bf13848a2e8ae366b29e8
-
SHA512
1f8b07d3954935d23ec5a9a930badb65782b55ac84847af8573349360d17b4a929dc998188b5650b3cd9955edf75fb2a373b81ebe8bca7e15563013f7a0a3f24
-
SSDEEP
196608:sV00eQaPgdCYb/Nxj56MQwpx7oljKTQ5JePjx30L54:sW0zaPoCM/j595x06mePd30l4
Score8/10-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
lpk.dll
-
Size
46KB
-
MD5
ed929d99fbdbd86f445dd1dd5d23e2f2
-
SHA1
a913745a4cbb5761c54c76c67b52733a00932d36
-
SHA256
092361443b094dae2e1a926686f05948959659197134cf1fcbed084fbd49bc7d
-
SHA512
45e7a71c2632392229b42ec919502e09f1ee8ab474652572151c49e7c1399fe414f32fe7cbacf6d9fb0d531f722bd1661d141a680e6a8879ab2c8d15d24589f9
-
SSDEEP
768:hojY9PVJdMmJyj0Ml+oi/XSpSZbVfDWoWyHaojY9Po:0mdJdMmJyDl+tVZQoWyHjmg
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-