General
Target: JaffaCakes118_0d928568ffd9f0f162d67b4bda82e1f0
Size: 81KB
Sample: 250604-qlp3waer6y
MD5: 0d928568ffd9f0f162d67b4bda82e1f0
SHA1: 3dde7913e5c9ca09566119dbcfafd83a060603f2
SHA256: 117eea25592f3bfa04ee35e4b84394da099a24e19faf53cb822bb0380bd0bb92
SHA512: 2b99aa085000cdff44dbec49c03e564e90a53964ec1d77cacde3c70b2820a245cc5d4ee37cb8c4989fc59060b627c9c7c52ddae0de3f8c673da1f74fba2fb1ed
SSDEEP: 1536:RRkDnTSWukyxHE+JBWC7KnI4KTwTPGsvvkN:KnT6kyxdL9L0bGdN
Malware Config
Targets
Target: JaffaCakes118_0d928568ffd9f0f162d67b4bda82e1f0
Size: 81KB
- Andromeda family
- Detects Andromeda payload.
- Adds policy Run key to start application
- Executes dropped EXE
- Suspicious use of SetThreadContext