General
-
Target
06fa5a3a31d897732f26390eeb0df214_JaffaCakes118
-
Size
196KB
-
Sample
241001-xh3ywsyekc
-
MD5
06fa5a3a31d897732f26390eeb0df214
-
SHA1
96e12d6816681e9d7f976c282a63e1738942b718
-
SHA256
de899cc4cc794b627778f5591d0d0acf26d02bc2f6d89d5be79105ddbbb8dc37
-
SHA512
1fb59717ba19ba7e5e681c40d5c6e1fe5a4ff398a20d1bfd0523eba5764102485f5a211b1b69809aa3c798d5cb145d7c02ef7cce1d0922af4b107aa8df9d1da4
-
SSDEEP
3072:KlVq2VeYr0WNGu3NCSh0jEjJT7haAdZ3fWZ6UbkS1ZqT/9ULvi9T9VPf5f59DxRc:uv5Ua0j0T7RdZ26Ux1maL0FvZUT
Malware Config
Targets
-
-
Target
06fa5a3a31d897732f26390eeb0df214_JaffaCakes118
-
Size
196KB
-
MD5
06fa5a3a31d897732f26390eeb0df214
-
SHA1
96e12d6816681e9d7f976c282a63e1738942b718
-
SHA256
de899cc4cc794b627778f5591d0d0acf26d02bc2f6d89d5be79105ddbbb8dc37
-
SHA512
1fb59717ba19ba7e5e681c40d5c6e1fe5a4ff398a20d1bfd0523eba5764102485f5a211b1b69809aa3c798d5cb145d7c02ef7cce1d0922af4b107aa8df9d1da4
-
SSDEEP
3072:KlVq2VeYr0WNGu3NCSh0jEjJT7haAdZ3fWZ6UbkS1ZqT/9ULvi9T9VPf5f59DxRc:uv5Ua0j0T7RdZ26Ux1maL0FvZUT
Score7/10-
Deletes itself
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-