General

  • Target

    36641b0a718d811e74fde8ef7dd0ed32_JaffaCakes118

  • Size

    248KB

  • Sample

    240710-zzcjdaselc

  • MD5

    36641b0a718d811e74fde8ef7dd0ed32

  • SHA1

    8426c305ac2e732f643d4e1357b57353f7e25e30

  • SHA256

    fe87a12f6e6195ea889f8f8f1f0f48c9cb8c75bf9bc678e1130dd8451b13cc32

  • SHA512

    e7048deb5c4a3fe0e2d0f0890ac369f64d62c46166bdd8a9203bb7030b3b721b172f61f149279b045d97ba46b0ef35baf2a09e062f730a6bc522532d81d3b0d6

  • SSDEEP

    6144:dvM5CElofkFWQPtnRneqAKnvmb7/D269fgwMty0e6ndv0DO:dE5CLkFfnRnWKnvmb7/D26qndv0DO

Score
10/10

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up the country code configured in the registry; likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
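    As an added example (not part of this sandbox report), the Python script below maps registry operations from a constructed, simplified trace onto the behaviours listed above and the technique IDs in the matrix that follows. The registry locations it checks (Explorer\Advanced Hidden/ShowSuperHidden, the CurrentVersion\Run key, Control Panel\International\Geo\Nation) are the standard Windows locations for these behaviours; the report does not say which keys this sample actually touched, nor which signature maps to which technique ID, so both are assumptions here. The trace format, sample lines and function names are the example's own.

```python
"""Flag sandbox-style registry operations that match the report's signatures.

Added example, not part of the sandbox report. Each trace line has the form
    <op>|<key>|<value name>|<data>
which is a constructed format, not the sandbox's own. Registry locations are
the standard Windows ones assumed for each behaviour.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample trace (not taken from the sandbox run).
SAMPLE_TRACE = """\
RegQueryValue|HKCU\\Control Panel\\International\\Geo|Nation|
RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced|Hidden|2
RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced|ShowSuperHidden|0
RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Updater|C:\\Users\\Public\\update.exe
RegQueryValue|HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion|ProductName|
RegSetValue|HKCU\\Software\\Contoso\\Settings|LastRun|1
"""

HIVE = r"^(?:HKCU|HKLM|HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\"


@dataclass(frozen=True)
class Rule:
    signature: str               # wording used by the report
    technique: str               # ATT&CK ID(s) from the report's matrix (mapping assumed)
    op: str                      # RegSetValue (write) or RegQueryValue (read)
    key: "re.Pattern[str]"       # full key path the operation must target
    values: Optional[frozenset]  # restrict to these value names, or None for any


RULES = [
    # Hidden=2 / ShowSuperHidden=0 re-hide hidden and protected OS files in Explorer.
    Rule("Modifies visibility of hidden/system files in Explorer", "T1564.001, T1112",
         "RegSetValue",
         re.compile(HIVE + r"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced$", re.I),
         frozenset({"hidden", "showsuperhidden"})),
    # Any value written under Run/RunOnce starts at logon.
    Rule("Adds Run key to start application", "T1547.001, T1112",
         "RegSetValue",
         re.compile(HIVE + r"Software\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)$", re.I),
         None),
    # Geo\Nation holds the configured country code; reading it is a common geofence check.
    Rule("Checks computer location settings", "T1012, T1082",
         "RegQueryValue",
         re.compile(HIVE + r"Control Panel\\International\\Geo$", re.I),
         frozenset({"nation"})),
]


def parse_line(line: str):
    """Split one constructed trace line into (op, key, value name, data)."""
    op, key, value, data = line.rstrip("\n").split("|", 3)
    return op, key.rstrip("\\"), value, data


def match_rules(trace: str) -> List[Dict[str, str]]:
    """Return one finding per trace line that satisfies a rule."""
    findings = []
    for raw in trace.splitlines():
        if not raw.strip():
            continue
        op, key, value, data = parse_line(raw)
        for rule in RULES:
            if op != rule.op or not rule.key.search(key):
                continue
            if rule.values is not None and value.lower() not in rule.values:
                continue
            findings.append({"signature": rule.signature, "technique": rule.technique,
                             "key": key, "value": value, "data": data})
    return findings


def signatures(trace: str) -> List[str]:
    """Distinct report-style signature names triggered by the trace, sorted."""
    return sorted({f["signature"] for f in match_rules(trace)})


if __name__ == "__main__":
    for f in match_rules(SAMPLE_TRACE):
        print(f"{f['technique']:<18} {f['signature']}: {f['key']}\\{f['value']} = {f['data']!r}")
```

    The two non-matching lines (a benign ProductName read and a vendor settings write) show the rules are scoped to the exact key paths rather than to any registry activity; a real detection would additionally key on the writing process, since Explorer itself legitimately changes the Advanced values when a user toggles "Show hidden files".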

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                            ID         Count
  Persistence           Boot or Logon Autostart Execution    T1547      1
                        Registry Run Keys / Startup Folder   T1547.001  1
  Privilege Escalation  Boot or Logon Autostart Execution    T1547      1
                        Registry Run Keys / Startup Folder   T1547.001  1
  Defense Evasion       Hide Artifacts                       T1564      1
                        Hidden Files and Directories         T1564.001  1
                        Modify Registry                      T1112      2
  Discovery             Query Registry                       T1012      1
                        System Information Discovery         T1082      2
