General
-
Target
427d009c80a1f92ec530aa6202e6da9b_JaffaCakes118
-
Size
4.1MB
-
Sample
241014-qcn48awhlf
-
MD5
427d009c80a1f92ec530aa6202e6da9b
-
SHA1
118911522b5311109ced7c3dac1cf93d43e02923
-
SHA256
da117b939722264f7a9d56c6f59f9e1a2810c3a8eccb8d58ec8ed4c6eacdac96
-
SHA512
1be482180ce8617822e6629698805af72b4c2e5b07cfedd93bf88fbb0c709bd92dd0ec2613e0f23fba253e467a611c37160d9639edf5efb59de1b558efb5bdf1
-
SSDEEP
98304:hK70t/anRuMNRWUHrTmFVhKOqlHh4HCKnlAI92ZoSdBsg2Hd:hKY+AL2HhMXnKI+2gsd
Static task
static1
Behavioral task
behavioral1
Sample
427d009c80a1f92ec530aa6202e6da9b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
427d009c80a1f92ec530aa6202e6da9b_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
427d009c80a1f92ec530aa6202e6da9b_JaffaCakes118
Score
7/10
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies WinLogon
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-