General
-
Target
25abfe8558c28935a10032501cd2d182_JaffaCakes118
-
Size
144KB
-
Sample
240704-wcyxbashpg
-
MD5
25abfe8558c28935a10032501cd2d182
-
SHA1
044b2e821e0d4f5c7ec3dc9fea656c2c379452f0
-
SHA256
ec1b19a1ba04212dd9198224c068f330f68174789fe299352cf9dd9134f05434
-
SHA512
9cafe824fdf7ff32b4abc2cb6a9b99872eb35a30912f8bcb465170fad7f0e651973e117d524bfbdb1a49923e0ab1e105e3bb7201584e541048b8b635877c6074
-
SSDEEP
3072:Wva0rv3zTewCxXOj2AiorBX5c5MFj6DCIZ4Bf5:WvXrzChoj7X5JMDvq5
Malware Config
Targets
-
-
Target
25abfe8558c28935a10032501cd2d182_JaffaCakes118
-
Size
144KB
-
MD5
25abfe8558c28935a10032501cd2d182
-
SHA1
044b2e821e0d4f5c7ec3dc9fea656c2c379452f0
-
SHA256
ec1b19a1ba04212dd9198224c068f330f68174789fe299352cf9dd9134f05434
-
SHA512
9cafe824fdf7ff32b4abc2cb6a9b99872eb35a30912f8bcb465170fad7f0e651973e117d524bfbdb1a49923e0ab1e105e3bb7201584e541048b8b635877c6074
-
SSDEEP
3072:Wva0rv3zTewCxXOj2AiorBX5c5MFj6DCIZ4Bf5:WvXrzChoj7X5JMDvq5
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1