General

Target: bfe5907319ce85275a0da104ac6a6e1e_JaffaCakes118
Size: 319KB
Sample: 241204-afa4rsxjfj
MD5: bfe5907319ce85275a0da104ac6a6e1e
SHA1: 228750ecafa227649c70f02b097ba3cadc0d1011
SHA256: aca740bbd7d1d516678a62aad45cd3af5e67d44d3c021db25b42b3bafb9d8d97
SHA512: 90ae69885b588131f34a02ef56fd306d59193c3c587779a49312964491087df5e6fd2e556e5a385f6d2e73e418b923c4275d9b2657d18e0ae75529974aabe619
SSDEEP: 6144:RVL0NTPbglYAt3FKeCgJn4EWvZCcBSwUIv8gwwwQVQwM0:RVgNzElYiFfJ45BFkg9wKQw
Behavioral task: behavioral1
Sample: bfe5907319ce85275a0da104ac6a6e1e_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config

Targets

Target: bfe5907319ce85275a0da104ac6a6e1e_JaffaCakes118
- Andromeda family
  Detects Andromeda payload.
- Adds policy Run key to start application
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
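Two of the behaviours flagged above leave traces in the registry that an analyst can check outside the sandbox: the persistence entry ("Adds policy Run key to start application") and the drive enumeration ("Maps connected drives based on registry"). The script below is an added example, not code from this report or from the sandbox vendor. It parses a Windows `.reg` export and reports values under `Policies\Explorer\Run` plus the drive letters recorded in `HKLM\SYSTEM\MountedDevices`. It assumes that the "policy Run key" signature refers to the well-known `Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run` autostart location; the export text, the value name `38182` and the payload path in it are constructed placeholders, not indicators from the analysed sample.

```python
"""Offline triage of a Windows registry export (.reg) for a policy Run
persistence entry and for the MountedDevices data a sample reads to
enumerate drives.  Added example; not code from the report or sandbox."""
import re
from dataclasses import dataclass

# Assumption: the "policy Run key" signature means this autostart location.
# It exists under both HKLM and HKCU, so match on the key suffix.
POLICY_RUN_SUFFIX = r"\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN"
MOUNTED_DEVICES_SUFFIX = r"\SYSTEM\MOUNTEDDEVICES"

# .reg syntax: [key] headers followed by "name"=data lines; @ is the default value.
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')


@dataclass
class RegValue:
    key: str
    name: str
    kind: str
    data: str


def _unescape(s: str) -> str:
    # Inside quoted .reg strings a backslash escapes the next character ('\\' and '\"').
    return re.sub(r"\\(.)", r"\1", s)


def _decode(raw: str):
    if raw.startswith('"') and raw.endswith('"'):
        return "REG_SZ", _unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return "REG_DWORD", str(int(raw[6:], 16))
    # hex(...) blobs may continue on following lines ending in '\'; those
    # continuation lines are skipped because only the value name matters here.
    return "REG_BINARY", raw


def parse_reg_export(text: str) -> list:
    values, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            name = _unescape(vm.group(1)) if vm.group(1) is not None else ""
            kind, data = _decode(vm.group(2))
            values.append(RegValue(key, name, kind, data))
    return values


def policy_run_entries(values):
    """Values under Policies\\Explorer\\Run: launched by Explorer at logon and
    rarely populated on a clean host, so any entry deserves a look."""
    return [v for v in values if v.key.upper().endswith(POLICY_RUN_SUFFIX)]


def mapped_drives(values):
    """Drive letters recorded in HKLM\\SYSTEM\\MountedDevices, the registry
    data a sample reads when it maps connected drives without touching the disks."""
    prefix = "\\DosDevices\\"
    return sorted(v.name[len(prefix):] for v in values
                  if v.key.upper().endswith(MOUNTED_DEVICES_SUFFIX) and v.name.startswith(prefix))


def triage(text: str) -> dict:
    values = parse_reg_export(text)
    return {
        "policy_run": [(v.key, v.name, v.data) for v in policy_run_entries(values)],
        "mapped_drives": mapped_drives(values),
    }


# Constructed sample export (placeholder names and paths, not from the analysed
# sample). regedit writes real exports as UTF-16 with a BOM: open them with
# encoding="utf-16" before passing the text to triage().
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"38182"="C:\\ProgramData\\example\\payload.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]
"\\DosDevices\\C:"=hex:5c,00,3f,00,3f,00,5c,00
"\\DosDevices\\E:"=hex:5c,00,3f,00,3f,00,5c,00
"\\??\\Volume{0b5c3e2a-0000-0000-0000-100000000000}"=hex:5c,00,3f,00
'''

if __name__ == "__main__":
    result = triage(SAMPLE_REG)
    for key, name, data in result["policy_run"]:
        print(f"[!] policy Run entry: {key}\\{name} -> {data}")
    print("drive letters in MountedDevices:", ", ".join(result["mapped_drives"]))
```

The ordinary `HKCU\...\CurrentVersion\Run` value in the constructed export is deliberately left unflagged: the point of the check is the much less common Policies\Explorer\Run location. The other two signatures ("Deletes itself", "Suspicious use of SetThreadContext") are process-level behaviours and need execution telemetry rather than a registry snapshot.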