General
-
Target
ecb3813f085ebddaf4db54de33befe3f_JaffaCakes118
-
Size
86KB
-
Sample
241213-wjrrkswpct
-
MD5
ecb3813f085ebddaf4db54de33befe3f
-
SHA1
dbffd3e183a8c2aeedc6efab08ae8386480fb3e9
-
SHA256
dabf7cbe969e8615ba10aded2a1668d16c217381bfc0652aba26d87e42218522
-
SHA512
8e0b33c07a14ef58e8ffff2e826c92cfd7976ceae68e40e6ad5de55ac7d7bca8962473b0ff1e74969392e653c2b813be6410bfa1474e5fa8be7f197957684102
-
SSDEEP
1536:GZmq59UQhFwPXmsSvVu1AzltDlJTe0Pr5AnjaKlG8BL:W9Uk2bQfzfDTeYEjaCL
Static task
static1
Behavioral task
behavioral1
Sample
ecb3813f085ebddaf4db54de33befe3f_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ecb3813f085ebddaf4db54de33befe3f_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
ecb3813f085ebddaf4db54de33befe3f_JaffaCakes118
-
Score
10/10
-
Andromeda family
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-