General
-
Target
27f5f3b431d159dd058210156d7d94ae_JaffaCakes118
-
Size
244KB
-
Sample
240706-ksy2gashpn
-
MD5
27f5f3b431d159dd058210156d7d94ae
-
SHA1
b0ba53092865155787b8058a470971b875ceef65
-
SHA256
d126bab2b1b571d369da3bf978f1573e6670d2d5a73cdcb1cc031e8396f2a293
-
SHA512
516ec9511c41fe01b410af4084127f450199e2be8535081149e901622bca7fd15bd206ad7016ee7a8439d1be44aef60fb60dca63eb5fb380c214d0ea013c5598
-
SSDEEP
6144:l58IQr7HrLIoNNMAZTbXioa81LnQLoqUIRvp3T:PLQr7HrvL1Rn0IIRvt
Static task
static1
Behavioral task
behavioral1
Sample
27f5f3b431d159dd058210156d7d94ae_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
27f5f3b431d159dd058210156d7d94ae_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
27f5f3b431d159dd058210156d7d94ae_JaffaCakes118
-
Score
10/10
-
Modifies WinLogon for persistence
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-