General
  Target: 483d7fc40dc306c5be4379b7ffbd04b3_JaffaCakes118
  Size: 410KB
  Sample: 240715-e7ecqayakq
  MD5: 483d7fc40dc306c5be4379b7ffbd04b3
  SHA1: b449651b9af44a677b6721ed8364ea68ace45b9c
  SHA256: 5bea0d7d000279a4f15e472deaa8a760fb4084c02dcea209b97b7bdba6cbd451
  SHA512: b684596e71b55b6b2312c601eee42c53a7b93fc9d59e61af6943da4e68fbcdaae75aa4e617066488b0df2dd3b5d5bab0a00e2d474a2459f32c6cb4f07bacf28e
  SSDEEP: 12288:JnNhuBoY8SorxgmA+nlvVlNaR4w8bdbfT:JPatCg7EP/bhT
Behavioral task: behavioral1
  Sample: 483d7fc40dc306c5be4379b7ffbd04b3_JaffaCakes118.exe
  Resource: win7-20240704-en

Behavioral task: behavioral2
  Sample: 483d7fc40dc306c5be4379b7ffbd04b3_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
  Target: 483d7fc40dc306c5be4379b7ffbd04b3_JaffaCakes118
  Score: 10/10
  Signatures:
    - Modifies WinLogon for persistence
    - Modifies visibility of hidden/system files in Explorer
    - Adds policy Run key to start application
    - Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    - Deletes itself
    - Executes dropped EXE
    - Loads dropped DLL
    - AutoIT Executable
      AutoIT scripts compiled to PE executables.
    - Drops file in System32 directory
MITRE ATT&CK Enterprise v15
  Persistence
    Boot or Logon Autostart Execution (2)
      Registry Run Keys / Startup Folder (1)
      Winlogon Helper DLL (1)
  Privilege Escalation
    Boot or Logon Autostart Execution (2)
      Registry Run Keys / Startup Folder (1)
      Winlogon Helper DLL (1)