General
Target
77301810f76f47d48379f4b0ded1185a_JaffaCakes118
Size
292KB
Sample
240727-grsaratdpb
MD5
77301810f76f47d48379f4b0ded1185a
SHA1
868f61f3654f388b4030adbaebfdac34f43a996e
SHA256
f3f6cb75c9397e79039850ad5c215d9935eb8982d5c79e58f127e8d7fcabe51b
SHA512
2deb349cdee160bad8b3cd2245e87fb294db8e02737021eece84529922f0a3828eb007f85f90996160c10b7f149009118652caab0b0b4a8effa77e1fca1bf37d
SSDEEP
6144:DLnAb/M2A2hi6wSuzKzFptiBNKPAxRLK2xOD:HnAb/A29IKzJANKP+MH
Static task
static1
Behavioral task
behavioral1
Sample
77301810f76f47d48379f4b0ded1185a_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
77301810f76f47d48379f4b0ded1185a_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
Target
77301810f76f47d48379f4b0ded1185a_JaffaCakes118
Score
7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Defense Evasion
Modify Registry
2
Subvert Trust Controls
1
Install Root Certificate
1