General
-
Target
6223f65559d548f42dc03ab9bb4b2fa0_JaffaCakes118
-
Size
185KB
-
Sample
240722-bazqlswdmj
-
MD5
6223f65559d548f42dc03ab9bb4b2fa0
-
SHA1
b517ae625e60add28cb9979ac5fb87d7871d1483
-
SHA256
e1425ea112bf3195cc74a00bad212401f70db8bfb88ec09d96f827c065b36a46
-
SHA512
4f6d801bf0683ef08fca59ad2499a7aac5ca0530a084a24aad9a0761a571a47daf605654c2437408eb843e480f61a74114b3cea65c402a4c33986d9e81cf27f5
-
SSDEEP
3072:EamFnQYUM6m3SP2sVSdEnfWZN3cbgonk9sX1qalYuhLJNdjQVVTuP5J85Vi9iqVl:Eazq3aipalYuhoao5sQkzYu
Malware Config
Targets
-
-
Target
6223f65559d548f42dc03ab9bb4b2fa0_JaffaCakes118
-
Size
185KB
-
MD5
6223f65559d548f42dc03ab9bb4b2fa0
-
SHA1
b517ae625e60add28cb9979ac5fb87d7871d1483
-
SHA256
e1425ea112bf3195cc74a00bad212401f70db8bfb88ec09d96f827c065b36a46
-
SHA512
4f6d801bf0683ef08fca59ad2499a7aac5ca0530a084a24aad9a0761a571a47daf605654c2437408eb843e480f61a74114b3cea65c402a4c33986d9e81cf27f5
-
SSDEEP
3072:EamFnQYUM6m3SP2sVSdEnfWZN3cbgonk9sX1qalYuhLJNdjQVVTuP5J85Vi9iqVl:Eazq3aipalYuhoao5sQkzYu
Score8/10-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-