General
-
Target
6e8b7dd81153ebc916967cd6c85334d3_JaffaCakes118
-
Size
5.8MB
-
Sample
240524-ps5w8sce48
-
MD5
6e8b7dd81153ebc916967cd6c85334d3
-
SHA1
5e45f2ee1227b32d7e2bf48232810ea2bfb7f0c0
-
SHA256
0a0b6b4e25df3afae5bf65f6a227eda5ae9c7b6b959cb94c5d171b2ed2fead4d
-
SHA512
1890af3fb52f75ffc807b53db80e88c8c39089f028948b6bdf3da6af21479d48c5378ac18e0d5d1eef9c299d0f78a380f0036db3548b3da0ff991c583024dfaf
-
SSDEEP
98304:U2wc10DlRAGQz/bgNzRSq+S8Y0TXcSfkaFMOoPKhh3DunjgQYXGt//S:U2LGQz/bgNzRSNysXcSfkOM6hhzunENJ
Malware Config
Targets
-
-
Target
6e8b7dd81153ebc916967cd6c85334d3_JaffaCakes118
-
Size
5.8MB
-
MD5
6e8b7dd81153ebc916967cd6c85334d3
-
SHA1
5e45f2ee1227b32d7e2bf48232810ea2bfb7f0c0
-
SHA256
0a0b6b4e25df3afae5bf65f6a227eda5ae9c7b6b959cb94c5d171b2ed2fead4d
-
SHA512
1890af3fb52f75ffc807b53db80e88c8c39089f028948b6bdf3da6af21479d48c5378ac18e0d5d1eef9c299d0f78a380f0036db3548b3da0ff991c583024dfaf
-
SSDEEP
98304:U2wc10DlRAGQz/bgNzRSq+S8Y0TXcSfkaFMOoPKhh3DunjgQYXGt//S:U2LGQz/bgNzRSNysXcSfkOM6hhzunENJ
Score8/10-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Scheduled Task/Job
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1