General
-
Target
71b4dcefce1e1a8cc945ee91363e042d_JaffaCakes118
-
Size
897KB
-
Sample
240725-3js3zasbpm
-
MD5
71b4dcefce1e1a8cc945ee91363e042d
-
SHA1
49b12d852c36458193304a99aac52d310decfde6
-
SHA256
a261915e7b2253e3ac0291a1e2e9d45c57874e0d67a4590893cc27757ed06b40
-
SHA512
8479c7cba275c1c9947c1850d39651da6c3cfdada217ad6436be83a815c62de31c839ccfd6b046553b7d32ce7a64338330919f21f17c4c3721e4097986b65a87
-
SSDEEP
12288:20k8tylIiSxqjrrrBY5x1uS2NlrWCcTrYoHJNYSbFNNC/Wd3f9nXKBVLs/M+ULzD:2ODiHrrrmFqK/fbHtE/uPQTuNUL
Malware Config
Targets
-
-
Target
71b4dcefce1e1a8cc945ee91363e042d_JaffaCakes118
-
Size
897KB
-
MD5
71b4dcefce1e1a8cc945ee91363e042d
-
SHA1
49b12d852c36458193304a99aac52d310decfde6
-
SHA256
a261915e7b2253e3ac0291a1e2e9d45c57874e0d67a4590893cc27757ed06b40
-
SHA512
8479c7cba275c1c9947c1850d39651da6c3cfdada217ad6436be83a815c62de31c839ccfd6b046553b7d32ce7a64338330919f21f17c4c3721e4097986b65a87
-
SSDEEP
12288:20k8tylIiSxqjrrrBY5x1uS2NlrWCcTrYoHJNYSbFNNC/Wd3f9nXKBVLs/M+ULzD:2ODiHrrrmFqK/fbHtE/uPQTuNUL
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3