General
-
Target
6fb2ef946e13c14d82e269508ce4dc9c_JaffaCakes118
-
Size
256KB
-
Sample
241023-s6qk9azenm
-
MD5
6fb2ef946e13c14d82e269508ce4dc9c
-
SHA1
0a4e9f566644e91d58eb05801ea021f21aac5bcc
-
SHA256
e30dccce744e54eacdbfe35614b868c548de007297f0234cf3a3c35e4caae825
-
SHA512
f706e7727f88cf1ff0185090a0e3af5a6f1f5efce829e395c01011054cb1264becf166daaecf01e2f0cc347b782028e9e46b3aade044dfbaae024906e3aefc4c
-
SSDEEP
6144:VMX+ZwNPbMIFM6xJzQB7jv7mahLnJz486b7D:+OZwbCB7jaa1nWBb7D
Malware Config
Targets
-
-
Target
6fb2ef946e13c14d82e269508ce4dc9c_JaffaCakes118
-
Size
256KB
-
MD5
6fb2ef946e13c14d82e269508ce4dc9c
-
SHA1
0a4e9f566644e91d58eb05801ea021f21aac5bcc
-
SHA256
e30dccce744e54eacdbfe35614b868c548de007297f0234cf3a3c35e4caae825
-
SHA512
f706e7727f88cf1ff0185090a0e3af5a6f1f5efce829e395c01011054cb1264becf166daaecf01e2f0cc347b782028e9e46b3aade044dfbaae024906e3aefc4c
-
SSDEEP
6144:VMX+ZwNPbMIFM6xJzQB7jv7mahLnJz486b7D:+OZwbCB7jaa1nWBb7D
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-