General
-
Target
fd6f4248127c6cc0c7adbb2d4d700fcf_JaffaCakes118
-
Size
108KB
-
Sample
240420-xs49psfe77
-
MD5
fd6f4248127c6cc0c7adbb2d4d700fcf
-
SHA1
dfec1ecaf7690c3496fecd33bb2749fe99d47e90
-
SHA256
c3592da004b4ee88187be739da83947b8cef8af2d1f66e97d32e331fbade23e1
-
SHA512
ce9d810cccc10e5dd241cec9786fdf1d534f1f4a549cc6c7cb21e9b3ed8f068164ae04486b530ab9c025a5dacd6cfb845f38b60c3e20c8d62cad455799bee3f9
-
SSDEEP
1536:jjpisUVA8Itd42vRxh1FvVzXYiMCwqNglt8cX4K4s6ODaFCwnKFHSCYMNUz:jNuLItOcdHvtsN6QaMwnLCY6Uz
Malware Config
Targets
-
-
Target
fd6f4248127c6cc0c7adbb2d4d700fcf_JaffaCakes118
-
Size
108KB
-
MD5
fd6f4248127c6cc0c7adbb2d4d700fcf
-
SHA1
dfec1ecaf7690c3496fecd33bb2749fe99d47e90
-
SHA256
c3592da004b4ee88187be739da83947b8cef8af2d1f66e97d32e331fbade23e1
-
SHA512
ce9d810cccc10e5dd241cec9786fdf1d534f1f4a549cc6c7cb21e9b3ed8f068164ae04486b530ab9c025a5dacd6cfb845f38b60c3e20c8d62cad455799bee3f9
-
SSDEEP
1536:jjpisUVA8Itd42vRxh1FvVzXYiMCwqNglt8cX4K4s6ODaFCwnKFHSCYMNUz:jNuLItOcdHvtsN6QaMwnLCY6Uz
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1