General
Target: 5fc17490c95c2ff2641f5543f3ce1dea_JaffaCakes118
Size: 1.0MB
Sample: 240720-kdcjxsthmm
MD5: 5fc17490c95c2ff2641f5543f3ce1dea
SHA1: d39b139c9cca542f423623f85a8c1833dad34902
SHA256: beefe556c769966d5fb10ffb888c5d4983dce84185ba47ecc5a5ff4b36006d46
SHA512: 54eae9e1d2070e133d0e41e1f8d10530ac84aca04d8fb62c5a1e53a5f3ba3d082963b04158ce3a15c3ca425d553e46d1d122bff637aba71f80a86b2434843937
SSDEEP: 24576:lPWmOKWvpckja5YOXEbj+Veniiv1gOpJ8Y3Sdr:lP2KWGzxiv12
Static task: static1
Behavioral task: behavioral1
Sample: 5fc17490c95c2ff2641f5543f3ce1dea_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 5fc17490c95c2ff2641f5543f3ce1dea_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 5fc17490c95c2ff2641f5543f3ce1dea_JaffaCakes118
Score: 10/10
Modifies firewall policy service
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
  Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
  Windows Service (1)