General
-
Target
69790e7101ae47a9046bc16fed0d73c5_JaffaCakes118
-
Size
164KB
-
Sample
240723-3y7jxawcpk
-
MD5
69790e7101ae47a9046bc16fed0d73c5
-
SHA1
28eb3a67dba9e616e410cf996b9fbbd64c28fe02
-
SHA256
775b50cc23225dfbf468fe62df24c150b3fb13c5c10c1a7f0cf4465cc0ebcb1e
-
SHA512
41aafe7eae8fb7df3adc44aa90ad7eeaddc006e1b57b79a68741aabaa7dee0dab72403b8af59bb930a3521682484cc10c03a276a544a1c610e9459dfd4d68725
-
SSDEEP
3072:7LF7Du+WxLPt0fyCJBpn5Fu1k42FEmQJZ:7LF7i+yVkJBpn5sJ2F6f
Malware Config
Targets
-
-
Target
69790e7101ae47a9046bc16fed0d73c5_JaffaCakes118
-
Size
164KB
-
MD5
69790e7101ae47a9046bc16fed0d73c5
-
SHA1
28eb3a67dba9e616e410cf996b9fbbd64c28fe02
-
SHA256
775b50cc23225dfbf468fe62df24c150b3fb13c5c10c1a7f0cf4465cc0ebcb1e
-
SHA512
41aafe7eae8fb7df3adc44aa90ad7eeaddc006e1b57b79a68741aabaa7dee0dab72403b8af59bb930a3521682484cc10c03a276a544a1c610e9459dfd4d68725
-
SSDEEP
3072:7LF7Du+WxLPt0fyCJBpn5Fu1k42FEmQJZ:7LF7i+yVkJBpn5sJ2F6f
Score8/10-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Indicator Removal
1File Deletion
1Modify Registry
3