General
Target: de123e738152734e971b631309d9cc07_JaffaCakes118
Size: 85KB
Sample: 241210-wxedeaxpeq
MD5: de123e738152734e971b631309d9cc07
SHA1: eb78a3a8e21251effe78664d65df84de5b7bef78
SHA256: e9c6035934b2f3758634fed98f6d50112775ae5aa6f9d489479601b40c409af8
SHA512: 97c0c92242f4882204523d0c7c4886d7afda5239ebdcec3937d67ff3b57d3a044afb14e749c9ee566f7c630f8b7c000bbaea733205957a0ea7c64cafa1738eb2
SSDEEP: 1536:wA2oK6c4mAbgzfIX185fvRcNUvrHXJA11a2Aic:j2mfdbGnvRcNUvbXJA184c
Static task: static1
Behavioral task: behavioral1
Sample: de123e738152734e971b631309d9cc07_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: de123e738152734e971b631309d9cc07_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 10/10
Andromeda family: Detects Andromeda payload.
Adds policy Run key to start application
Deletes itself
Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext