General
Target: d59102be9aa92ee14ce511e6c69a209a_JaffaCakes118
Size: 300KB
Sample: 241208-gnmwvszpck
MD5: d59102be9aa92ee14ce511e6c69a209a
SHA1: 059249afd0fdafef356de10b52ed8b6bd3619373
SHA256: d540495450d6e58a6e39643d3a8b466bfff2667c99dfdf495f02db61948ae536
SHA512: 9a0cf31c733fbd0badfb0d6a2b7e9dd86bc66609ad09efea35d7c387800d3fa0afd6b02b5f9cc2a2b18e0fed3c6df1305389fb0ce09b3949458b196a660625c0
SSDEEP: 6144:DUOOrPNcXH2dxJOR8ghuinEKbaHddGE2IPuCZdXqfPdI:ur9vJWhVnI3GExGCZwfe
Static task: static1
Behavioral task: behavioral1
Sample: d59102be9aa92ee14ce511e6c69a209a_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Targets
- Target: d59102be9aa92ee14ce511e6c69a209a_JaffaCakes118
- Andromeda family
- Detects Andromeda payload.
- Adds policy Run key to start application
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext