General
-
Target
e853cf244a669d2712dc7d27e57d9630_JaffaCakes118
-
Size
44KB
-
Sample
240408-y3zmmsag78
-
MD5
e853cf244a669d2712dc7d27e57d9630
-
SHA1
8173290e4e5dec35e1c40d514a298b0399b9a369
-
SHA256
12b681a686de5d8fb0aee797adf4ce103dc343f292f9b64ff8a7d787f26531d8
-
SHA512
7636fb97b9e76c0e224ce69805618011cc4f73d3bfdddd4814cac98cd365c22ed48816eb0852a50617248e15989b340c5796cff18011b6630a53fa93dd1ef68e
-
SSDEEP
768:JDI8yw6q0z1w1zThnHGazLJoivs+ChaVPenf0S:JDkhTqZhHzNZCrf
Malware Config
Targets
-
-
Target
e853cf244a669d2712dc7d27e57d9630_JaffaCakes118
-
Size
44KB
-
MD5
e853cf244a669d2712dc7d27e57d9630
-
SHA1
8173290e4e5dec35e1c40d514a298b0399b9a369
-
SHA256
12b681a686de5d8fb0aee797adf4ce103dc343f292f9b64ff8a7d787f26531d8
-
SHA512
7636fb97b9e76c0e224ce69805618011cc4f73d3bfdddd4814cac98cd365c22ed48816eb0852a50617248e15989b340c5796cff18011b6630a53fa93dd1ef68e
-
SSDEEP
768:JDI8yw6q0z1w1zThnHGazLJoivs+ChaVPenf0S:JDkhTqZhHzNZCrf
Score8/10-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-