General
Target: JaffaCakes118_544c7e02853b5ce1adf3af0f89ac8787ff3d93ece3e2788013357a814be67050
Size: 1.2MB
Sample: 241224-2msqyayrhw
MD5: a46f5223d2ec4625f6db30f3814a90f1
SHA1: af7aea699e4f8958eb28ec2fd5fa36ff1ef3ee19
SHA256: 544c7e02853b5ce1adf3af0f89ac8787ff3d93ece3e2788013357a814be67050
SHA512: 8b845ab5134202ec6213ad4693a838e77e315a469d3f2791e1d9881aaf5b0ec4a9de8c011167cdd97ea1cc3e3321b3d319cc2910666145abfabb455cd3be966a
SSDEEP: 24576:gB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:gBSDnV3XRfJ/emAUscMoCVuw
Behavioral task: behavioral1
Sample: JaffaCakes118_544c7e02853b5ce1adf3af0f89ac8787ff3d93ece3e2788013357a814be67050.exe
Resource: win7-20240903-en
Malware Config
Targets
- Blackmoon family
- Detect Blackmoon payload
- Server Software Component: Terminal Services DLL
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext