General
-
Target
50dbaa452bdabcae1a363f2c0db2933f_JaffaCakes118
-
Size
1.6MB
-
Sample
241017-f4bcbsxdjk
-
MD5
50dbaa452bdabcae1a363f2c0db2933f
-
SHA1
542c6d81843b5c92e689a491b6e78e60f985b9ab
-
SHA256
84a007319eb0450731db6baac24d1045846da67af4ec8f8305651e2ba8e4277f
-
SHA512
f7d0bc49b3c54824cb58f54c29d7b5205f61a7ab0702dcfa8f2e70c13ad3f2eb63cdcbe02edc254adcfb0419113890fd0364e4b4375a554fa6049e94c28989d6
-
SSDEEP
49152:j3B1nHNpJL76/UnJcFTrPUZPmuN889BzJMQIf:jxhHNnKcZOux9fMQi
Static task
static1
Behavioral task
behavioral1
Sample
0EBE6A~1.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
0EBE6A~1.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
gifan.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
gifan.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
0EBE6A~1.EXE
-
Size
244KB
-
MD5
0ebe6ab79b52e3c4e9603dfd32d9c2d2
-
SHA1
d0468c93c697abb3721d055a1b937a86c0b66b64
-
SHA256
7cf371d44c7b339f545a405262b3803675356cd5e60795eaab75c3292b7ff0f6
-
SHA512
4d2ad555c25ac9655da7e2c3bcdfc81458b6a351633e73081bc500d5b8bbf8a9d839d7ddaa34efbd31eabc510e16c917b887d4cd507744db6210122b4b1ddbb8
-
SSDEEP
3072:n4YLnt4iDPaUSS3JfqhdK4TqbFjvnO5+ficHmKs8KWlqEV2v4hE3DxlyTEW:4YSi/Df1FTOw/HmV8R4EV04hUDD6
Score 6/10
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
Target
gifan.exe
-
Size
4.5MB
-
MD5
4e06b2b983dc1f7bfb832a58655dd725
-
SHA1
e9269a45ef584226af0d84f2322e5f11a8e1dffa
-
SHA256
9d0ddcc1d97c74cab71e22504fc1dc8517da525aa2e8a5a2b621dade6245cc68
-
SHA512
4b002d53cb08641573c05adf17c6b6b8240eb9e1b523f9fa415fee7b275a4a36f26433674f20c27663f34d90bb9d9bde7d5418f7ccf9da07cf41879b79db485d
-
SSDEEP
98304:mTc//////HSlIWYL2nanPdpXtj3Bot9szJQdtxYVOR2/HVQFe+D1Vn:GnanPdpdj3S9KseeVn
Score 3/10