General
-
Target
82f0309a6dbee13e2f45ad49ee66b743_JaffaCakes118
-
Size
77KB
-
Sample
241031-n6agtaybpm
-
MD5
82f0309a6dbee13e2f45ad49ee66b743
-
SHA1
2a9f684036b7f95668aad84658a33d454085d4ca
-
SHA256
eca385dd03835cf03e5030de9a2761edc7c3e5d2b59433a5a4c01851fd502b33
-
SHA512
6933ca6c46662d37393784dea65a9c09ff125f26aed9b69b85d952dc2323837511a83bfdf504ce298cc0a2b3b718af3ce5305f9830528ab9a3a7e0b6838cdced
-
SSDEEP
768:/9Ndl0gzhY+eLA7gLa1eaf5EKbW1bY65h2WWVBYT:zdl0gtY+YLaFfzSbYEEzg
Static task
static1
Behavioral task
behavioral1
Sample
82f0309a6dbee13e2f45ad49ee66b743_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
82f0309a6dbee13e2f45ad49ee66b743_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
82f0309a6dbee13e2f45ad49ee66b743_JaffaCakes118
-
Size
77KB
-
MD5
82f0309a6dbee13e2f45ad49ee66b743
-
SHA1
2a9f684036b7f95668aad84658a33d454085d4ca
-
SHA256
eca385dd03835cf03e5030de9a2761edc7c3e5d2b59433a5a4c01851fd502b33
-
SHA512
6933ca6c46662d37393784dea65a9c09ff125f26aed9b69b85d952dc2323837511a83bfdf504ce298cc0a2b3b718af3ce5305f9830528ab9a3a7e0b6838cdced
-
SSDEEP
768:/9Ndl0gzhY+eLA7gLa1eaf5EKbW1bY65h2WWVBYT:zdl0gtY+YLaFfzSbYEEzg
Score10/10-
Andromeda family
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-