General
-
Target
2c8bf1274594f349259ea98664ba54ed_JaffaCakes118
-
Size
189KB
-
Sample
241009-hcgq5sshpb
-
MD5
2c8bf1274594f349259ea98664ba54ed
-
SHA1
1ab5fd8cedc189d002b38e876fed7334f5f5c16c
-
SHA256
e932459a451223cf512984b9c6d5ce15ce2e1e036d880b1c181a204fa3573d0d
-
SHA512
0772a2a7eb6af4809a9cdd46395a8ab4bcabe03be3a79886cff0e16a6549ae14369451ac226681e2bd9be58d2beefc11a97c54617561d19011748c27275c7430
-
SSDEEP
3072:gOeevLaUXsUtXTl4nPf4QLNt3RP1veBsYP6d48yz:gOZ7XHNT+YQvveBZPfz
Malware Config
Targets
-
-
Target
2c8bf1274594f349259ea98664ba54ed_JaffaCakes118
-
Size
189KB
-
MD5
2c8bf1274594f349259ea98664ba54ed
-
SHA1
1ab5fd8cedc189d002b38e876fed7334f5f5c16c
-
SHA256
e932459a451223cf512984b9c6d5ce15ce2e1e036d880b1c181a204fa3573d0d
-
SHA512
0772a2a7eb6af4809a9cdd46395a8ab4bcabe03be3a79886cff0e16a6549ae14369451ac226681e2bd9be58d2beefc11a97c54617561d19011748c27275c7430
-
SSDEEP
3072:gOeevLaUXsUtXTl4nPf4QLNt3RP1veBsYP6d48yz:gOZ7XHNT+YQvveBZPfz
Score7/10-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-