General

  • Target

    73809552bdd28fbd020cff66fbe36750_JaffaCakes118

  • Size

    3.2MB

  • Sample

    240525-2qnw6adc6s

  • MD5

    73809552bdd28fbd020cff66fbe36750

  • SHA1

    b2627318376d4c8265e3559c39e63abe3f2b2d96

  • SHA256

    d37a72e5305c6b89b6c53c4d401e7700c0efdf744e5cfbf530a2835c6d473002

  • SHA512

    1c5940dcef3a933bd3cfa73b267bcec9e88c205eefc0334d6b11feb6cd629ad2a58e61a5bd79f09274d5730d7df4577c250d4b18c49c71925d562261bfeafeb9

  • SSDEEP

    98304:Nviz/27qWGq/TzuqCDl2Ptao7jetu6VNsu:Nviq75/TzufF3Nsu

Score
8/10

Malware Config

Targets

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks