General

  • Target

    4be2ff1faa9ebe8e443ec78e780094a7_JaffaCakes118

  • Size

    987KB

  • Sample

    241016-h45maayena

  • MD5

    4be2ff1faa9ebe8e443ec78e780094a7

  • SHA1

    6ea02569db2f5a8d15b5ecc7672a2279693ac037

  • SHA256

    228c6db52e82433ea665d4c7f859c7751c10a03cd50116369e061175efb8d806

  • SHA512

    24e8afe6366b699ffff26f58328a9525e5660c275b94c9b286f6b65be38d97a616482de52ac133500ab5e62d524c23334c39b8df873d875beb721f29080f6c58

  • SSDEEP

    24576:0PGfqP12j6QnKiJMpyMUgtsm5ct4frMBGc0776C+j4iW3UNC:tgVkdJMpyMUI55cefoBGbVuY3UNC

Malware Config

Targets

    • Target

      CF͸0930sp1.exe

    • Size

      2.2MB

    • MD5

      9e0e4d2cc93135af74915c35940a0d08

    • SHA1

      9fec356313ab1bd1e886db07d3095bb640ae51b0

    • SHA256

      ade88257153b2a77a9d022ac4bf9e93b7d0ee2a164f253d878699be66968446f

    • SHA512

      da4ed56fa3af9a13c1effabe9cf8a877b683627038fc41323c5a94e62510f14b4296bdfde626915c0052f3fe59c9cfb36eabc1a47f74b990b330be27f1ee80a6

    • SSDEEP

      24576:vosp9dXfsXmAxolvXl1aIanm9whlkr1jHe4BpLikcFGnslauITs0/9EgwOY/VOsZ:v/tv39ekxjHe+9B/gDOsmbwANvx

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Ϸ.url

    • Size

      168B

    • MD5

      ff1050dbffd353fcf1b33e1b98c46a43

    • SHA1

      84d1da117d9fa9adb5092180f945288f6bd350c4

    • SHA256

      264ced769e31afc066f90002420c4c52fae622a340483e35d149e3db836ed3d5

    • SHA512

      590bfca4916ac3b2cd4898d67fee017d5ba2b3129bfee51ba79bcbb04d1a593af28cd0724ee9f9bac75de8efe2bfbd9e15a086cece1b8ca47b64a70151db7f2c

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks