General
-
Target
05ea1ab26db458ec07e37e2d8d19c2e2_JaffaCakes118
-
Size
171KB
-
Sample
240620-pgvxws1dnp
-
MD5
05ea1ab26db458ec07e37e2d8d19c2e2
-
SHA1
ac56a2e1372c23a5f8a09a7f9f6ef15706256277
-
SHA256
edffa3d797694733475538588c4a17b5860856cf4b65b702bf6b918a4bd5f5ef
-
SHA512
a3757ddf6ae5181b6a71e5cd2603fbed1546e7f1e15b28172d48c71bb7813a76f92cfdbf64f4090457895d7f648d95f81eaa746db730b47bb92688e5f7f50fdd
-
SSDEEP
3072:obpDCw1p3vmLvsZIaVwiwDcIbDHDCm/DERAFtF:gDCwfG1bnxLERWtF
Malware Config
Targets
-
-
Target
05ea1ab26db458ec07e37e2d8d19c2e2_JaffaCakes118
-
Size
171KB
-
MD5
05ea1ab26db458ec07e37e2d8d19c2e2
-
SHA1
ac56a2e1372c23a5f8a09a7f9f6ef15706256277
-
SHA256
edffa3d797694733475538588c4a17b5860856cf4b65b702bf6b918a4bd5f5ef
-
SHA512
a3757ddf6ae5181b6a71e5cd2603fbed1546e7f1e15b28172d48c71bb7813a76f92cfdbf64f4090457895d7f648d95f81eaa746db730b47bb92688e5f7f50fdd
-
SSDEEP
3072:obpDCw1p3vmLvsZIaVwiwDcIbDHDCm/DERAFtF:gDCwfG1bnxLERWtF
Score10/10-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-