General
Target: ed8b822deb0eebf7d81af692d01ac900_JaffaCakes118
Size: 43KB
Sample: 241214-hqcdkswphm
MD5: ed8b822deb0eebf7d81af692d01ac900
SHA1: 8878df0f1b4d1f1a0a219ad9219e27a943b53bae
SHA256: c244625edfeb0a6286e37d953b212af2dc92910bb2e4fc2e90d5794e14700558
SHA512: 2fef6428ff1eea567b5ebf58fee978351af630e0c888a3b93aa85273a8abfa15839af51bc0b4f55de358022646bed1aa0ab418e5b24f92300592f2e1ffe00436
SSDEEP: 768:AehDjNCLbnnZvvBjFqYDHVsUS8IFjiPt4rGY3d46Z+H9s0V0AuQY:bhsfxDp6US806t46YJn0VJu3

Static task: static1

Behavioral task: behavioral1
Sample: Vodafone network MMS.jpeg.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: Vodafone network MMS.jpeg.exe
Resource: win10v2004-20241007-en

Malware Config

Targets
Target: Vodafone network MMS.jpeg.exe
Size: 38KB
MD5: 28eaa1040f6a8cc19e103b8032f8dc94
SHA1: e66e5855e2157386d7ce60dda2597bcc231df17c
SHA256: 106026c21b0c973dbd18eb435a90e65bc87a7ee5d08f3773a0a6d951f8ff264e
SHA512: c1c0e4cdd3727d2ba91513d2a74e99270a5c71d14cf398e7b6fe82171a120006704184e28ce6601ab64502fa007b3d83afe9a1e9ed0e4395bc91cd7a1ff023bc
SSDEEP: 768:jGVMgg916Uvz6HxGCM774vJVN/yf64q/2X4LhQoY:aM316Y+RY7UJqHdXohU
Score: 10/10

Signatures
- Andromeda family: detects the Andromeda payload.
- Adds policy Run key to start application: persistence through a value under ...\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, which Explorer launches at logon like the ordinary Run key but which is checked far less often by persistence-hunting tools and users.
- Deletes itself: the launched file removes itself from disk after running, so on a live host the original executable will usually be gone; acquire the sample from the sandbox or from the path the Run value points to.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext: rewriting another thread's context is the step that makes process hollowing and similar injection work, so the process whose thread was modified is where the payload actually executes and where memory should be acquired from.
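The behaviours above can be hunted for outside the sandbox. The following Python script is an added example, not output from this report or the sandbox, that walks Sysmon-style events and flags three of them: a process-creation event whose SHA256 matches a hash listed in this report, a registry value set under Policies\Explorer\Run (the policy Run key persistence), and a file-delete event that removes the image of a process already matched by hash (self-deletion). The events are constructed to look like Sysmon records; the hashes are the report's, while the file paths, the user SID, the value name and the deletion via cmd.exe are assumptions made for illustration.

```python
"""Hunt for the report's behaviours in Sysmon-style events.

Added example for this report: the events below are constructed to look like
Sysmon records; they are not output from the sandbox run.
"""
import re

# Hash values copied from the report (inner sample and submitted file).
KNOWN_SHA256 = {
    "106026c21b0c973dbd18eb435a90e65bc87a7ee5d08f3773a0a6d951f8ff264e":
        "Vodafone network MMS.jpeg.exe",
    "c244625edfeb0a6286e37d953b212af2dc92910bb2e4fc2e90d5794e14700558":
        "ed8b822deb0eebf7d81af692d01ac900_JaffaCakes118",
}

# Persistence location behind the "Adds policy Run key" signature
# (lives under HKLM\SOFTWARE or HKU\<SID>\Software).
POLICY_RUN = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\",
    re.IGNORECASE,
)


def parse_hashes(field):
    """Sysmon 'Hashes' field is 'SHA256=...,MD5=...'; return {ALGO: hexvalue}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def triage(events):
    """Walk events in order and return findings as 'kind|detail|detail' strings.

    ioc_hash_match: Event 1 whose SHA256 is in KNOWN_SHA256
    policy_run_persistence: Event 13 writing under Policies\\Explorer\\Run
    self_delete: Event 23/26 deleting the image of a hash-matched process
    """
    findings = []
    matched_images = set()  # lower-cased paths of hash-matched processes
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1:
            sha256 = parse_hashes(ev.get("Hashes", "")).get("SHA256")
            if sha256 in KNOWN_SHA256:
                matched_images.add(ev["Image"].lower())
                findings.append(f"ioc_hash_match|{KNOWN_SHA256[sha256]}|{ev['Image']}")
        elif eid == 13:
            target = ev.get("TargetObject", "")
            if POLICY_RUN.search(target):
                findings.append(f"policy_run_persistence|{target}|{ev.get('Details', '')}")
        elif eid in (23, 26):
            if ev.get("TargetFilename", "").lower() in matched_images:
                findings.append(f"self_delete|{ev['TargetFilename']}|by {ev.get('Image', '?')}")
    return findings


# Constructed events (not sandbox output). Hashes are the report's; the paths,
# SID, value name and the cmd.exe deletion are assumptions for illustration.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\Desktop\Vodafone network MMS.jpeg.exe",
     "Hashes": "SHA256=106026c21b0c973dbd18eb435a90e65bc87a7ee5d08f3773a0a6d951f8ff264e,"
               "MD5=28eaa1040f6a8cc19e103b8032f8dc94"},
    {"EventID": 13, "Image": r"C:\Users\user\Desktop\Vodafone network MMS.jpeg.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Policies\Explorer\Run\Run0",
     "Details": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",  # benign noise, must not fire
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 23, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\user\Desktop\Vodafone network MMS.jpeg.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Registry reads are not logged by Sysmon, so the MountedDevices enumeration behind "Maps connected drives based on registry" cannot be caught this way; that and the SetThreadContext call need an API-level or EDR telemetry source.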