General
-
Target
4a3d1e4cd1bfafd8c80c34b086ae3bd8_JaffaCakes118
-
Size
172KB
-
Sample
240715-sp9ykazcrd
-
MD5
4a3d1e4cd1bfafd8c80c34b086ae3bd8
-
SHA1
a41ec0164c5a303810a55ebab945cab42d7f66a5
-
SHA256
13fa71f61af67881cb964b29f18c4ca20d546f14e58516c5f16f47cabf4031ec
-
SHA512
ddb7c38ea418185ef589797b7c02f72f5e62a6ab99992dc94874fe9d2d152dbd25c519d2329c8ffd4ea5e19d3a6256ed70dec01d5456eb2add3dedbc9449a617
-
SSDEEP
3072:EQRXeWbBeTxN7kf8DexRxhrZ7jy+bTuJrlgIwGxnrYsqTQSgAQxP3kx:j5re9NVexvhrZ7j3TuJZw2FqTQSgAQxP
Malware Config
Targets
-
-
Target
4a3d1e4cd1bfafd8c80c34b086ae3bd8_JaffaCakes118
-
Size
172KB
-
MD5
4a3d1e4cd1bfafd8c80c34b086ae3bd8
-
SHA1
a41ec0164c5a303810a55ebab945cab42d7f66a5
-
SHA256
13fa71f61af67881cb964b29f18c4ca20d546f14e58516c5f16f47cabf4031ec
-
SHA512
ddb7c38ea418185ef589797b7c02f72f5e62a6ab99992dc94874fe9d2d152dbd25c519d2329c8ffd4ea5e19d3a6256ed70dec01d5456eb2add3dedbc9449a617
-
SSDEEP
3072:EQRXeWbBeTxN7kf8DexRxhrZ7jy+bTuJrlgIwGxnrYsqTQSgAQxP3kx:j5re9NVexvhrZ7j3TuJZw2FqTQSgAQxP
Score7/10-
Boot or Logon Autostart Execution: Print Processors
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-