General
-
Target
1ac753c59c28070cb10bf0eb25ee165c_JaffaCakes118
-
Size
712KB
-
Sample
240701-lheqhstere
-
MD5
1ac753c59c28070cb10bf0eb25ee165c
-
SHA1
80f35da575f811a9ac21ebc9eb7e51ec9ddbe4d8
-
SHA256
62e858cdb0da451a083d794a0372412b8d3f47f781e85ce2eacbf0efcb1436b4
-
SHA512
42cb0eaeca8a2e0b1a45b5ce9c3ce7e7c1bc29cc9937dc2751434555b2a15f56d1dab9816acc7c4ecdee8f370e66dd2ca48c26e2fe7f8d21c33ce6f366aab551
-
SSDEEP
12288:RAw66iL7A40720OzBh7O6/M/SSCt1JMsRnaBl3ca:qw66iLl0720O1NnmjCvGSna
Behavioral task
behavioral1
Sample
1ac753c59c28070cb10bf0eb25ee165c_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
1ac753c59c28070cb10bf0eb25ee165c_JaffaCakes118
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Boot or Logon Autostart Execution: Port Monitors
Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
-
Deletes itself
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-