General
- Target: JaffaCakes118_8e57e91b007a4aea044f90adce393d0a78465d62df8f70a4022f5a4533c3fd65
- Size: 288KB
- Sample: 241230-ffvq3aymfk
- MD5: f959677f1823dff599d226429d95c0e6
- SHA1: 02b546733236c788dec7c680ec38afa03dc5960d
- SHA256: 8e57e91b007a4aea044f90adce393d0a78465d62df8f70a4022f5a4533c3fd65
- SHA512: 7e3781b42b4d2f7533523c986d0778a53ea7e995fa794c5196d49fe2229892519472cff53f6787b7a8c7f307dde0c58bd2be167b90f3c5b59a369796c3ba8547
- SSDEEP: 6144:GEKG/ZO3j4Tdo89lYaJNB0da/IWf9GVoMsCE4U78tSYX6wD:GEBZO2dRlYUNidhWf2ovL7AX
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: JaffaCakes118_8e57e91b007a4aea044f90adce393d0a78465d62df8f70a4022f5a4533c3fd65.msi
  - Resource: win7-20240903-en
- Behavioral task: behavioral2
  - Sample: JaffaCakes118_8e57e91b007a4aea044f90adce393d0a78465d62df8f70a4022f5a4533c3fd65.msi
  - Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: revengerat
- Botnet: Nov333
- C2: 80.82.68.21:3333
- Mutex: RV_MUTEX-FtNHuiGGjjtnxDp
Targets
- Revengerat family
- Beds Protector Packer: Detects Beds Protector packer used to load .NET malware.
- Drops startup file
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext