General
-
Target
JaffaCakes118_e2cb00e0034e74105420f0a7db345810
-
Size
1.1MB
-
Sample
250120-lay47aslcy
-
MD5
e2cb00e0034e74105420f0a7db345810
-
SHA1
544f71ea796e978ae1e75cdeedfd07948cab3a5f
-
SHA256
14673354ec7af29a9fb32ac852301d725d6689c0e446be27cb7f5dd2f4bbfd35
-
SHA512
4a091358d20ee84263ec3577fd23819047476c19cd293866e8825327247026a281968b75b21a98184080441b910846df8ca3dd961192c21e7817dc5c3defc8b9
-
SSDEEP
24576:L88g/MPwUI6iyh1DDjvxDEkTzlGr6WmhQry+EefXdXT0n+TQ:A8gEPwUI6iyDJDEkl7WmhkyB0FAwQ
Malware Config
Targets
-
-
Target
JaffaCakes118_e2cb00e0034e74105420f0a7db345810
-
Size
1.1MB
-
MD5
e2cb00e0034e74105420f0a7db345810
-
SHA1
544f71ea796e978ae1e75cdeedfd07948cab3a5f
-
SHA256
14673354ec7af29a9fb32ac852301d725d6689c0e446be27cb7f5dd2f4bbfd35
-
SHA512
4a091358d20ee84263ec3577fd23819047476c19cd293866e8825327247026a281968b75b21a98184080441b910846df8ca3dd961192c21e7817dc5c3defc8b9
-
SSDEEP
24576:L88g/MPwUI6iyh1DDjvxDEkTzlGr6WmhQry+EefXdXT0n+TQ:A8gEPwUI6iyDJDEkl7WmhkyB0FAwQ
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-