General
-
Target
778c651c4d68f92e4f8a97bd762d0142_JaffaCakes118
-
Size
458KB
-
Sample
240727-kfxymszgja
-
MD5
778c651c4d68f92e4f8a97bd762d0142
-
SHA1
582efde1d1aef59809b3f15f0efdc95368428c93
-
SHA256
caea5343d0bf79c698938d4f9ad30068e4b0f2541ebaa468b8f8336c84a7869c
-
SHA512
8e31c73260b99cb407fdf3ce588f6fa9c87b0b9a93c87e5ca2541cadc0ff1058a97de8d5a52ff42b1a4902493d1a8944ca2442727bafce6f30b4fb17266baf01
-
SSDEEP
12288:qmuH1B7lSJhEypUOGtPM7sYGLL7LXBjNqV2oxF:qLIz2FV6AL79jC2A
Static task
static1
Behavioral task
behavioral1
Sample
778c651c4d68f92e4f8a97bd762d0142_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
778c651c4d68f92e4f8a97bd762d0142_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Target
778c651c4d68f92e4f8a97bd762d0142_JaffaCakes118
Score
8/10
-
Adds policy Run key to start application
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-