General
Target: 6d5d0869cf35cce167a449bc0507dede_JaffaCakes118
Size: 38KB
Sample: 241023-ghey3atera
MD5: 6d5d0869cf35cce167a449bc0507dede
SHA1: 502cf9dc76df7946588db0705587ac9eb131c30b
SHA256: cb81a4ed85f64bf07cddf8134e4373a183da4200e54510b45107e59f9f008c19
SHA512: 399bfb6e41e6a97de72368330626796e039b52c4ba66637dced37a7e1823ea1ba8e660c592b04445ae488c80a4e0d6f60e966e1267f8110dcbd17fcdbe43a82c
SSDEEP: 768:N8JRCx+RrKADVwtkstDxnK95ZU+hIFGPtxdFghB:N8JPrKADeXqrhCcHQB
Static task: static1
Behavioral task: behavioral1
  Sample: 6d5d0869cf35cce167a449bc0507dede_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 6d5d0869cf35cce167a449bc0507dede_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 6d5d0869cf35cce167a449bc0507dede_JaffaCakes118
Size: 38KB
Score: 10/10
- Detects Andromeda payload.
- Adds policy Run key to start application
- Deletes itself
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext