General
-
Target
5f89fad8f7681ae63a51fcc2b9294d20_JaffaCakes118
-
Size
45KB
-
Sample
240720-h6a6fssbkn
-
MD5
5f89fad8f7681ae63a51fcc2b9294d20
-
SHA1
a42806f2939d671532d793a0691aaec5f5f92f5d
-
SHA256
22e2fe85a7740c36eb0af6b1ea45e56d31aaa6cc7109ed1059d892750d7063f5
-
SHA512
48b9e4ae6a0cfd6a340d8dd66e762da84a47adfacc4536a8e829ce00c51824ec25f98f1aa5dbdb197d315c4536641961430489804bfa2a20c00c44b848f51cb1
-
SSDEEP
384:1M3PnQoHDCpHf4I4Qwdc0G5KDJVjUwauSlFZZlZZZb1:1m/QojCpHfx0J5aFvZZZb1
Malware Config
Targets
-
-
Target
5f89fad8f7681ae63a51fcc2b9294d20_JaffaCakes118
-
Size
45KB
-
MD5
5f89fad8f7681ae63a51fcc2b9294d20
-
SHA1
a42806f2939d671532d793a0691aaec5f5f92f5d
-
SHA256
22e2fe85a7740c36eb0af6b1ea45e56d31aaa6cc7109ed1059d892750d7063f5
-
SHA512
48b9e4ae6a0cfd6a340d8dd66e762da84a47adfacc4536a8e829ce00c51824ec25f98f1aa5dbdb197d315c4536641961430489804bfa2a20c00c44b848f51cb1
-
SSDEEP
384:1M3PnQoHDCpHf4I4Qwdc0G5KDJVjUwauSlFZZlZZZb1:1m/QojCpHfx0J5aFvZZZb1
Score8/10-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-