General
Target: b4ed881623997b6417817c35cc4f1834_JaffaCakes118
Size: 151KB
Sample: 241130-fvadnsymap
MD5: b4ed881623997b6417817c35cc4f1834
SHA1: cef1af6d98134c054c76294712476fdb6aee179a
SHA256: ce32aaa17728dfa9711bdc5162c0c3dd37f0ab4f6d57d245c86edb90de68c4d9
SHA512: 2c69b213c2e748f438e570a8a9e2e081d33b81544f8ea959a1555cb50f2062303b4eb1af38935bd6066549256381f162c6c62e8c83938b5ac7a160e0ebe80a96
SSDEEP: 3072:9UDn2tlbBJ4pa7j4g3F3j+k3hh17zgPj0TyGkndIL:9UDn2rbEpa7Mglj+Kbt8j0ZMm
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: b4ed881623997b6417817c35cc4f1834_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: b4ed881623997b6417817c35cc4f1834_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: b4ed881623997b6417817c35cc4f1834_JaffaCakes118
Size: 151KB
Score: 7/10
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the sample deciding whether to run based on the machine's locale).
- Executes dropped EXE: a file the sample itself wrote to disk is then launched.
- Loads dropped DLL: a library the sample itself wrote to disk is then loaded.
- Adds Run key to start application: persistence via the Software\Microsoft\Windows\CurrentVersion\Run key, so the program starts at logon.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext: rewriting another thread's register context is rarely needed by benign software and is a common step in process hollowing and thread hijacking.
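The signatures above are produced by the sandbox's own rules from the sample's API trace. As an added example (not the sandbox's rule set and not derived from this sample's actual trace), the script below shows how the same six signatures can be matched against a simple API trace. The trace format (one `api|arg|arg...` record per line), the file names and the thread handle are constructed for illustration; the registry paths are the standard Windows locations for the user's geographic region (`Control Panel\International\Geo`), the install language (`Control\Nls\Language`) and the logon Run key. "Dropped" is modelled by correlating a write to a path with a later execute or load of that same path, which is the part a one-line string match cannot express.

```python
"""Match a sandbox-style API trace against the six behavioural signatures
listed in the report. Added example; the trace format, paths and handle
below are constructed and are not taken from the analysed sample."""
import re
from collections import defaultdict

SIG_GEO = "Checks computer location settings"
SIG_DROP_EXE = "Executes dropped EXE"
SIG_DROP_DLL = "Loads dropped DLL"
SIG_RUNKEY = "Adds Run key to start application"
SIG_DRIVES = "Enumerates connected drives"
SIG_CTX = "Suspicious use of SetThreadContext"

# Registry locations a sample reads to learn the configured country/language.
GEO_KEY_FRAGMENTS = (r"\control panel\international\geo", r"\control\nls\language")
# Run / RunOnce under any hive (HKCU or HKLM).
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\(run|runonce)(\\|$)", re.I)
# A bare drive root such as "D:" or "D:\".
DRIVE_ROOT_RE = re.compile(r"^([a-z]):\\?$", re.I)

WRITE_APIS = {"NtWriteFile", "WriteFile"}
EXEC_APIS = {"CreateProcessW", "CreateProcessA", "ShellExecuteExW"}
LOAD_APIS = {"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW", "LdrLoadDll"}
DRIVE_APIS = {"CreateFileW", "GetDriveTypeW", "FindFirstFileW", "GetVolumeInformationW"}
REG_SET_APIS = {"RegSetValueExW", "RegSetValueExA", "NtSetValueKey"}
REG_QUERY_APIS = {"RegQueryValueExW", "RegQueryValueExA", "NtQueryValueKey"}
CTX_APIS = {"SetThreadContext", "NtSetContextThread"}

# Constructed trace: api|first argument|further arguments.
SAMPLE_TRACE = r"""
RegQueryValueExW|HKCU\Control Panel\International\Geo\Nation
RegQueryValueExW|HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language\InstallLanguage
NtWriteFile|C:\Users\user\AppData\Local\Temp\svchost32.exe
NtWriteFile|C:\Users\user\AppData\Local\Temp\hook.dll
CreateProcessW|C:\Users\user\AppData\Local\Temp\svchost32.exe
LoadLibraryW|C:\Users\user\AppData\Local\Temp\hook.dll
RegSetValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Users\user\AppData\Local\Temp\svchost32.exe
CreateFileW|D:\
CreateFileW|E:\
CreateFileW|C:\Windows\System32\kernel32.dll
SetThreadContext|0x1a4
"""


def parse_trace(text):
    """Yield (api, args) for each non-empty record; args are the '|'-separated fields."""
    for line in text.splitlines():
        if line.strip():
            api, *args = line.split("|")
            yield api, args


def triage(text):
    """Return {signature: [evidence, ...]} for every signature the trace triggers."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths the sample itself wrote to disk
    for api, args in parse_trace(text):
        target = args[0] if args else ""
        low = target.lower()
        if api in WRITE_APIS:
            dropped.add(low)
        elif api in REG_QUERY_APIS and any(frag in low for frag in GEO_KEY_FRAGMENTS):
            hits[SIG_GEO].append(target)
        elif api in REG_SET_APIS and RUN_KEY_RE.search(target):
            hits[SIG_RUNKEY].append(target)
        elif api in EXEC_APIS and low in dropped:
            hits[SIG_DROP_EXE].append(target)
        elif api in LOAD_APIS and low in dropped:
            hits[SIG_DROP_DLL].append(target)
        elif api in DRIVE_APIS:
            m = DRIVE_ROOT_RE.match(target)
            if m and m.group(1).upper() != "C":  # the default C: drive is not evidence
                hits[SIG_DRIVES].append(target)
        elif api in CTX_APIS:
            hits[SIG_CTX].append(" ".join(args))
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_TRACE).items():
        print(f"{sig}: {evidence}")
```

Running the block prints one line per signature with the argument that triggered it; executing a file that the sample did not itself write (for example `C:\Windows\notepad.exe`) produces no "dropped" hit, and a lookup of `C:\` alone does not count as drive enumeration.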