General
Target: JaffaCakes118_01fd658c6f3c1c047493e1312ce2743b9f1139c78114625f7de48f39ec057bcb
Size: 1.2MB
Sample: 241223-qf18yszqct
MD5: bbcb209464fa0234fa3fa6316da54fe1
SHA1: 4589fc844e4e5bd12f8b1d3854df48a5ddff49a7
SHA256: 01fd658c6f3c1c047493e1312ce2743b9f1139c78114625f7de48f39ec057bcb
SHA512: 8b14d8534918fd70f3b30b55e595c5c87aa31d2e761c5f1db3fc179bdb62968a0b3f44535c73dcaa2c49c5a1b97e2b7c32b1b502325dcbef5e51b9adc662339f
SSDEEP: 24576:RB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:RBSDnV3XRfJ/emAUscMoCVuw
Behavioral task: behavioral1
Sample: JaffaCakes118_01fd658c6f3c1c047493e1312ce2743b9f1139c78114625f7de48f39ec057bcb.exe
Resource: win7-20240903-en
Malware Config
Targets
- Blackmoon family
- Detect Blackmoon payload
- Server Software Component: Terminal Services DLL
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext