General
-
Target
JaffaCakes118_20b54556a3a3101e060d2d04621b33d5
-
Size
157KB
-
Sample
250124-mzj71avmet
-
MD5
20b54556a3a3101e060d2d04621b33d5
-
SHA1
a18f78bc460e15ce2f98fae4423d4856728a3a31
-
SHA256
56c1a28f84e286c53178a2d631a1df4409bdb5fa0c0452a244ea9defc4d6d2ad
-
SHA512
59ce38cd81a14d9a76e671dc6685702a458d2dd6021ae95f18e123782e79c0ba31356426f694b3ee7c31e16953f52afc4091aeef19367a3ef86d2b857ad5ff0b
-
SSDEEP
3072:waFoV8RSJAm1gJ5LHRpL48eSURN5QCwJ9OcMkEeIhvryajU0of3Qw4+:waKAm1gfHR5nenTcXIH1w4
Malware Config
Targets
-
-
Target
JaffaCakes118_20b54556a3a3101e060d2d04621b33d5
-
Size
157KB
-
MD5
20b54556a3a3101e060d2d04621b33d5
-
SHA1
a18f78bc460e15ce2f98fae4423d4856728a3a31
-
SHA256
56c1a28f84e286c53178a2d631a1df4409bdb5fa0c0452a244ea9defc4d6d2ad
-
SHA512
59ce38cd81a14d9a76e671dc6685702a458d2dd6021ae95f18e123782e79c0ba31356426f694b3ee7c31e16953f52afc4091aeef19367a3ef86d2b857ad5ff0b
-
SSDEEP
3072:waFoV8RSJAm1gJ5LHRpL48eSURN5QCwJ9OcMkEeIhvryajU0of3Qw4+:waKAm1gfHR5nenTcXIH1w4
Score7/10-
Deletes itself
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-