General
-
Target
040713ac423b13531a036424d5c55b3d_JaffaCakes118
-
Size
160KB
-
Sample
240620-ja5wmawcmg
-
MD5
040713ac423b13531a036424d5c55b3d
-
SHA1
da8cdf8bb2d89a3ff61bb5333f2231b18e0a49be
-
SHA256
76205a1337c68b4016ae904ba4e654e0562e465938041b9bcb63f66ec610c3f2
-
SHA512
39e382a536030d20413e1d954fea1e803be33ed0ce862ecc50c689e6dba423becd019df19acd2e49f2d5dccba1296fa82f01ef832917a5ed680ed94b2c57cfe6
-
SSDEEP
3072:BMSAAfLiKbFHka71tXOK7cPHqzQI+oNf:TV37cPHqzNVN
Malware Config
Targets
-
-
Target
040713ac423b13531a036424d5c55b3d_JaffaCakes118
-
Size
160KB
-
MD5
040713ac423b13531a036424d5c55b3d
-
SHA1
da8cdf8bb2d89a3ff61bb5333f2231b18e0a49be
-
SHA256
76205a1337c68b4016ae904ba4e654e0562e465938041b9bcb63f66ec610c3f2
-
SHA512
39e382a536030d20413e1d954fea1e803be33ed0ce862ecc50c689e6dba423becd019df19acd2e49f2d5dccba1296fa82f01ef832917a5ed680ed94b2c57cfe6
-
SSDEEP
3072:BMSAAfLiKbFHka71tXOK7cPHqzQI+oNf:TV37cPHqzNVN
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1