General
-
Target
27657163d77487cf9806710fc06d9858_JaffaCakes118
-
Size
703KB
-
Sample
240706-f496nawgqq
-
MD5
27657163d77487cf9806710fc06d9858
-
SHA1
7fcc30657e29a1d11c788d61659f701de725c7ab
-
SHA256
a297c8d0dc60929e89ad7763ade6df08633aab33c739fd4733d0e9fcfba7eeac
-
SHA512
39870df376199f69d9b206d0a823292108388e5db6eaa1553433d9e28962fa39a813a5ed8151d345a096feb902a5b4566e047db58678f1f966ebbe48a5103f73
-
SSDEEP
12288:RXtCtx6mVaB+s/cEAgoOOeq6yfwPRs6CIqrUA+pzQmT4sc:t2kmVc+izAkOeVxsWqrUA+pzQm0
Malware Config
Targets
-
-
Target
27657163d77487cf9806710fc06d9858_JaffaCakes118
-
Size
703KB
-
MD5
27657163d77487cf9806710fc06d9858
-
SHA1
7fcc30657e29a1d11c788d61659f701de725c7ab
-
SHA256
a297c8d0dc60929e89ad7763ade6df08633aab33c739fd4733d0e9fcfba7eeac
-
SHA512
39870df376199f69d9b206d0a823292108388e5db6eaa1553433d9e28962fa39a813a5ed8151d345a096feb902a5b4566e047db58678f1f966ebbe48a5103f73
-
SSDEEP
12288:RXtCtx6mVaB+s/cEAgoOOeq6yfwPRs6CIqrUA+pzQmT4sc:t2kmVc+izAkOeVxsWqrUA+pzQm0
Score10/10-
Modifies WinLogon for persistence
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-