General
-
Target
6e5fee26b4f3d2cbd7fe4e294b0f3486_JaffaCakes118
-
Size
1.4MB
-
Sample
241023-mc95xawfqk
-
MD5
6e5fee26b4f3d2cbd7fe4e294b0f3486
-
SHA1
82a77e8a18556010cab18f73f3b2c3f452c4c7d6
-
SHA256
74b888a2975e0f66cc304fdb8a85379e7b197561e1c9235cb22a2b824cd1f6f3
-
SHA512
6cb0a7c7a14738333c457a887f7785cbb7adaf1976d7275c1da996e2b2a79ebb5e33ab8394425dff7678eac77922d1f1f0ddbc66c0df3c013a6357c3840575d3
-
SSDEEP
24576:zmVH8dV6Jz02CQ/wQZsOvYhuMwA9sm8xMMmIrBYRU8bzAV9/2oQ0tr9yF:m8d0JwBQ4QZBvYY3A9UxMCB8by/s0mF
Malware Config
Targets
-
-
Target
CFӸɼͥͨðv10.12sp1.exe
-
Size
2.8MB
-
MD5
0b0c72fa60763f649a41884da25cdaf1
-
SHA1
9797d01ea8643803fa27aa8f361d56dee50b781a
-
SHA256
f873e3b591c331fbb493a8fb6fad6a2d453bf3a967eb623dfe4497e9275277a6
-
SHA512
49f181aae0ed9ffb1b3e9c23bf33703f4396e808d79127bb1857f1eead151f609417695e2904eca1139dd8e99e9d8aae21d3d1208dcd4cc7440375d6ffeb9a0f
-
SSDEEP
49152:o6dUg1hqV4jmMlEdOcxYdn9Fb27zvXvs09PTXiBOu:IKhnmMqdOcxYg77/s09bX7
Score7/10-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
Ϸ.url
-
Size
168B
-
MD5
ff1050dbffd353fcf1b33e1b98c46a43
-
SHA1
84d1da117d9fa9adb5092180f945288f6bd350c4
-
SHA256
264ced769e31afc066f90002420c4c52fae622a340483e35d149e3db836ed3d5
-
SHA512
590bfca4916ac3b2cd4898d67fee017d5ba2b3129bfee51ba79bcbb04d1a593af28cd0724ee9f9bac75de8efe2bfbd9e15a086cece1b8ca47b64a70151db7f2c
Score1/10 -