General
Target: bcd5f195b5d35d455738c69483251409_JaffaCakes118
Size: 15.9MB
Sample: 240404-trxlpach67
MD5: bcd5f195b5d35d455738c69483251409
SHA1: 3ba153aa7b7f31bfd93814e6ba80600f90218aeb
SHA256: 46a2f2a32fe5ecb8781776e42f76c4be0efe176364fc3fd46ff67b8f904888de
SHA512: 2a299ddca96920ec6c98230e06d9bc0814a86ccfeda7c84ac6d84809227ed017959aeb2e9b709074a08dc059251c51d8159015e97192e59f4b6ed84f9301f48d
SSDEEP: 393216:hg7u7g7u7g7u7g7u7g7u7g7u7g7u7g7uN:SSMSMSMSMSMSMSMSN
Static task: static1
Behavioral task: behavioral1
Sample: bcd5f195b5d35d455738c69483251409_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: bcd5f195b5d35d455738c69483251409_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: bcd5f195b5d35d455738c69483251409_JaffaCakes118
Score: 7/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext