General
-
Target
14c04c85f57faa93ade5a6b83da77c45_JaffaCakes118
-
Size
821KB
-
Sample
240627-fkgp1awcnj
-
MD5
14c04c85f57faa93ade5a6b83da77c45
-
SHA1
584a57c10fafc8f78edeaa21ed3d9559e7692ef0
-
SHA256
d12c565405670d2c4a6bdcc82da8ca3566e2eb21bafd9518c69fd38403f61d18
-
SHA512
450bcf3c45978d34d37761d5fb4e30d2be40360ca802200298e343217f18d81afe03fc52da187f9ab04a637d0e610c1c9962e80fc7787152fbb14f429ceb7cd5
-
SSDEEP
12288:PYPqYq/ixdAWxdOdB/84rFRGV+8pYpKi0QH1bT3G2XZkDXf9Kx8nuBuupxvhs+T:PbixK/XFRGzpyFD9W2GP9Nusu7vVT
Malware Config
Targets
-
-
Target
14c04c85f57faa93ade5a6b83da77c45_JaffaCakes118
-
Size
821KB
-
MD5
14c04c85f57faa93ade5a6b83da77c45
-
SHA1
584a57c10fafc8f78edeaa21ed3d9559e7692ef0
-
SHA256
d12c565405670d2c4a6bdcc82da8ca3566e2eb21bafd9518c69fd38403f61d18
-
SHA512
450bcf3c45978d34d37761d5fb4e30d2be40360ca802200298e343217f18d81afe03fc52da187f9ab04a637d0e610c1c9962e80fc7787152fbb14f429ceb7cd5
-
SSDEEP
12288:PYPqYq/ixdAWxdOdB/84rFRGV+8pYpKi0QH1bT3G2XZkDXf9Kx8nuBuupxvhs+T:PbixK/XFRGzpyFD9W2GP9Nusu7vVT
Score8/10-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2