General
- Target: JaffaCakes118_510d5d8ad44043fa5328813f6a01d6991a8be571e91228a77f62de57df2a6b43
- Size: 1.2MB
- Sample: 241222-xhssxsvrez
- MD5: a3596ef8e0a78e7fcdbb43d2ac2d82d6
- SHA1: ff2a32c998b14a5bc16e7131fd3ddf2591304179
- SHA256: 510d5d8ad44043fa5328813f6a01d6991a8be571e91228a77f62de57df2a6b43
- SHA512: bd04a81f59a631c6a178c004724d5e93b463f859739262203a2eccc781ef74eef92435e4339d4264706ef3c7a3df0f94b9c1882dd8edcd85c2f86823b7fb01e9
- SSDEEP: 24576:dB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:dBSDnV3XRfJ/emAUscMoCVuw
Behavioral task: behavioral1
- Sample: JaffaCakes118_510d5d8ad44043fa5328813f6a01d6991a8be571e91228a77f62de57df2a6b43.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: JaffaCakes118_510d5d8ad44043fa5328813f6a01d6991a8be571e91228a77f62de57df2a6b43
- Blackmoon family
- Detect Blackmoon payload
- Server Software Component: Terminal Services DLL
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext